The June issue of BSD Magazine is dedicated to the Ruby scripting
language with the use of Ruby Version Manager (RVM) and
Ruby on Rails (RoR), Ruby’s web framework. Moreover, on the
following pages, you will find articles about the Sofin software installer
and security updates for OpenBSD packages.


We start with Rob’s column, where he will discuss how BBC has 
abandoned a $150m IT project and suspended the CTO responsible. 


In the What’s New section, Daniel Dettlaff announces the first
release of Sofin, a software installer that provides a new way to
build software these days. This tool will eliminate endless problems
with software requirements, user demands, and that entire mess.


Next, we will show how to back up a server step by step on a 
regular basis to prevent the loss of data. 


Then you will have a chance to test the Ruby on Rails framework 
on FreeBSD. The RoR is a framework that is very well-known in 
the world of web-development. It allows you to create fully featured 
websites semi-automatically. 


This month’s Dev Corner covers the Push Button Installer 
(PBI) format which is an easy-to-use package format for end-user 
applications. It covers EasyPBI as well. EasyPBI is a tool designed 
to simplify the generation of these PBI packages. 


In the Admin section, Thibaut Deloffre explores the Ruby Version
Manager, which is a great tool to manage several Ruby binaries
without dependency breaks.


Then in the Extras section, Petr Topiarz will show how to start
binpatches, -stable package updates using the update service on
OpenBSD.


Finally, Egoitz Aurrekoetxea Aurre will list Xen Cloud Platform’s
advantages and will show how to take them with FreeBSD. Moreover,
he will demonstrate how to run FreeBSD in XCP.


We hope you will enjoy this issue and find many interesting 
articles! 


Kamil Sobieraj 
Editor of BSD Magazine 
& BSD Team 
Let’s Talk

The British Broadcasting Corporation (BBC)
By Rob Somerville
BBC has abandoned a $150m IT project and suspended
the CTO responsible. What is it about large scale public
sector IT projects that cause them to be synonymous with
failure?


What’s New 


Sofin, the Software Installer
By Daniel (Dmilith) Dettlaff

If you've ever tried building software for your server without
getting mad and frustrated, without approaching endless
problems with software requirements, user demands and
that entire mess, you should probably know that there's
a solution available that addresses these problems. It's
called Sofin.


A Backup Server with FreeBSD for
Mixed Networks in SOHO Environment
By Antonio Francesco Gentile 
Backing up servers and clients is an essential task that 
should be carried out on a regular basis, as it helps prevent 
the loss of data. The backup tasks can be performed in two 
different ways, using automated software or by running 
the software manually. It is essential, however, to make 
sure that the backups are working properly and running 
on a regular basis. 


FreeBSD on Rails

By Julien Grillot 
Ruby on Rails is a powerful Web framework. It makes 
application prototyping a breeze, in a few days. Installing 
it is quite trivial if you know the pitfalls. 





Developer’s Corner 


Creating PBI’s with EasyPBI
By Ken Moore 

The Push Button Installer (PBI) format is an easy- 
to-use package format for end-user applications that 
requires a specialized set of build instructions to create 
a PBI package. EasyPBI is designed to simplify the 
generation and use of these build instructions so that 
even non-technical users can quickly create and distribute 
applications as PBI packages. 


Admin


Manage your Ruby Versions Under
FreeBSD
By Thibaut Deloffre 
Ruby Version Manager is a great tool to manage several 
Ruby binaries without dependency breaks. The examples 
from this article have been tested under FreeBSD 9.1 with 
bash. 


Extras


Keep OpenBSD customers satisfied

By Petr Topiarz
For a long time there was nothing like security updates
for OpenBSD packages. Now, the company, M:Tier, has
introduced a new long-term support and update service
for OpenBSD.


FreeBSD in Xen Cloud Platform (XCP)
By Egoitz Aurrekoetxea Aurre 
The Xen Cloud Platform (XCP) is an ISO that installs onto 
your host, providing a complete enterprise-ready out-of- 
the-box server virtualization and cloud computing platform 
after install. This article will list XCP’s advantages and will 
show how to take them with FreeBSD. Moreover, it will 
demonstrate how to run FreeBSD in XCP. 
The British Broadcasting
Corporation (BBC)


has abandoned a $150m IT project and suspended the
CTO responsible. What is it about large scale public
sector IT projects that causes them to be synonymous
with failure?








Here we go again. Another large IT project funded by taxpayers’ money
has hit the wall. Of course there will be an investigation, much finger
pointing, “lessons will be learned”, and further down the road, history
will no doubt repeat itself once again. The defence, health, employment,
and nuclear sectors have been other recent victims of failure, but it
seems that the message is not getting through — whether using outsourced
or in-house resources, the spectre of catastrophic project failure looms
large.

If we look at other sectors, we very rarely hear of major project
failures. When was the last time it was announced that a major
automotive manufacturer failed to build a new plant or an aircraft
manufacturer abandoned the production of a new aircraft? Of course,
there is always the financial problem — costs escalate, and the project
is no longer viable. How many times have we heard of costs doubling,
tripling and more — yet it all depends on how vital it is to complete
the project. Sometimes the plug is pulled (as in this case). In other
cases, the project carries on until something is delivered. Comparing
the building and IT sectors, construction projects seem to run almost
flawlessly, yet the models used (Strong project management, tight budget
controls, using specialist contractors etc.) don’t always seem to
translate into the IT environment. At first glance, this seems illogical
— both sectors are engineering based, the science is well understood,
and there are lots of examples of good practice to use as a template. So
what is it that plagues the IT industry with so many public and
embarrassing failures?

The first problem is that we are dealing with highly complex systems.
System A may be very stable, reliable, but slow. It doesn’t scale. It
was designed and built quite possibly in an age before the Internet was
conceived. Yet it is the bedrock of the enterprise, everybody knows that
it works, but at some point, additional functionality and expansion are
required. It would be too costly to take it out and start again. The
amount of downtime to the organisation would be prohibitive, and
migrating the system to another platform would be financially
prohibitive and make the project too risky. So over the years,
compromises have been reached, bits have been bolted on (quite possibly
undocumented) and the engineer responsible is long gone. The system has
evolved way past its original specification and morphed systemically
into something very different from what was originally commissioned.
Quite possibly, due to organisational or social culture and the refusal
to accept that knowledge is a priceless asset, there is a shortage of
experts on that system. This became clear when fixing Year 2000 issues.
COBOL for years was considered a dead language. Then suddenly,
enterprises realised they needed expertise that had been squeezed out of
the market by lack of demand. Suddenly, if you were a COBOL expert, you
could just about name your price.

There is also a degree of reticence about sharing and documenting
knowledge that will decrease your value in the marketplace. Once again,
the thorny issue of Intellectual Property raises its ugly head. Where do
you ethically draw the line between personal innovation and the property
of your employer? Most engineers I know thrive on solving problems and
continually want to improve systems and make them better for their
users. This clashes though with the commercial reality where employers
want a complete “knowledge dump” and then expect this to be handed over
to an outsourcing company to be supported at a fraction of the cost. Is
it any wonder that systems documentation is often of such poor quality?

Then there are the political and commercial drivers behind the system.
The old adage goes “You can have it cheaply, quickly, or properly. Pick
2”. Too often, compromises are made at the early stage of the project
that have a major impact on either how long it will take (missed
deadlines) or on the amount of resources required to accomplish X, Y, or
Z (Cost overruns). The rules are really quite straightforward: keep it
as simple as possible and design for extensibility and flexibility, but
make sure the foundation is strong and has sufficient redundancy to
accommodate unexpected changes in the future. In other words, you need
to hit that sweet spot between an under- and over-engineered system. The
essential thinking is this — assume the project targets are subject to
change without notice and pick the technology base that gives you
maximum flexibility, so that you will not have to start from scratch if
the game changes dramatically.

Finally, there is the inherent disconnect. Every project has a few, to
some degree or another, and this is probably the key reason why the BBC
project failed so miserably. A minor disconnect will come back and haunt
you for years, but it will not have a major impact on the overall
viability of the project. Provided you are aware and don't try and build
on it, the project should be a success. A good example of this is where
a section of the project is contracted out and the supplier delivers
just enough to tick all the boxes, but everybody knows the code and
inherent design is poor and getting the supplier to engage is hard work.
Legally and contractually, they can walk away, but everybody knows in
their heart of hearts that in a year or two, that work will have to be
redone from scratch. With good fortune, the system itself will carry on
until end of life without any major impact. A major disconnect, on the
other hand, will cause the project to break. Inevitably, this comes from
disregarding the “cheaply, quickly, properly” rule, or to use more
formal project management language, the triple constraint model. For
whatever reason, it is decided that the project can support three rather
than two immutable deliverables, and then havoc reigns. The tragedy is
that this will have been raised at some point, but there are none so
deaf as those that wish not to hear. As often in large organisations,
the culture prevents open and honest communication, and it takes a brave
individual to swim against the tide and deliver bad news or resist the
official line. Worse still, rather than having a strong unified focus
and leadership, we have fragmentation with committees, different
contesting philosophies, and the attitude that “it is the other guy’s
problem”. The elephant finally enters the room — never to depart.


ROB SOMERVILLE 

Rob Somerville has been passionate about technology since his early
teens. A keen advocate of open systems since the mid eighties, he has
worked in many corporate sectors including finance, automotive,
airlines, government and media in a variety of roles from technical
support, system administrator, developer, systems integrator and IT
manager. He has moved on from CP/M and nixie tubes but keeps a soldering
iron handy just in case.
Sofin, the Software Installer


If you've ever tried building software for your server without
getting mad and frustrated, without approaching endless
problems with software requirements, user demands and that
entire mess, you should probably know that there’s a solution
available that addresses these problems. It’s called Sofin.


What you will learn...

* How software is built nowadays in the Open Source world.
* Why you should avoid the way of building software that’s currently
  considered the standard, and look at something that’s designed better.
* How Sofin cures your headaches — the details not mentioned in the
  project README file.


What you should know...

* You should know how to build software from source.
* You should know what a shared library is and have some basic
  understanding of how compiler and linker work.
* If you want to make your own software definitions, you should have
  (at least) basic knowledge of shell scripting.


Basically, every *NIX compliant server system that’s currently used has
its own way of approaching software. I'll explain it by example:

Let's assume you have a clean installation of your favorite OS base.
It’s FreeBSD 9.1 in my case — that’s my major production server platform
of choice. There’s /usr/bin, /usr/sbin and /bin, where all base system
software executables reside. In short — every piece of software is put
into a “common bag” of binaries (bin, sbin) and libraries (lib, lib32,
lib64). If you want to use software which isn't provided by your base
system, say Ruby 2.0, you'll need to install it manually. I'll skip the
part about installing software from prebuilt binary packages, mostly
because you won't find my example software in binary builds, and you
won't find binary builds for “your software”, especially if you're
dealing with custom or old server configurations.

So you end up building it from source manually or through ports. Each
additional software built from source will go into yet another “common
bag” in /usr/local/ by default.


So, what's wrong with this approach?
The thing is — when you're creating a server, you usually want it to be
used by your users, right? A user is an unprivileged entity that only
wants to run some software.

Users demand that you build reliable software for them to use. But you
can’t give them that with an FHS approach to software. I'll explain by
another real life example: Let’s assume that, after Ruby, you’ve also
installed PostgreSQL, MySQL, Redis, Imagemagick, Cairo and a few other
pieces of software in your /usr/local/ bag. You end up with tons of
common libraries (that you usually know nothing about), all put in just
one place.

It should be fine, right? Not even close. Try to uninstall 
some of them now. No make uninstall available. What now? 

But the real fun begins when you want to do a security update for one of
your libraries that’s commonly used (and shared) by some software. How
many times did you do an upgrade of ports binaries/libraries and then
end up with a part of the software broken? (For *BSD there’s an UPDATING
file in ports with information about how to do software updates, but
usually it gives you nothing, and the problem remains, which, in short,
depends on which ports you installed, in what order, and so on).

I had enough after a couple of times of reinstalling all my software
because of one library change. My system became a mess and I lost
control of my software and their dependencies. But this is only one side
of the coin. There’s more: for example, what will you do if you have two
applications that require different versions of the same library to be
linked with?

The solution is to do some kind of a hack — usually by building a
prefixed library, prefixed binaries, or by giving options manually to a
build script and so on. After a couple hacks of that kind, you still end
up with a mess on your production machine which — I assume — is simply
undesired.

Possibly the worst of all — you need to remember what you did to make it
work. There’s also the third side of the coin, user privileges.

Ruby is a great example of such an issue. If your users want to install
their gems (doesn’t matter if they use Bundler or not), they'll require
root privileges to write their gems into default /usr/local/lib/
directory. Those gems will be common for all users but not their own.
This is where all the hacky solutions like rbenv and rvm are “shining?”
Not at all. They’re just ugly hacks, created on top of bad software
architecture. Believe it or not, these problems are just the tip of the
iceberg.


How Sofin was born 
Some say that the best software is born thanks to a developer’s rage.
Sofin was one of those projects that started spontaneously after I just
gave up hacking one of my servers.

I wanted my software to be reliable, without shared dependencies,
bundled, owned by user, yet fully customizable. I wanted it to work on
all POSIX-compliant systems and to be designed with simplicity in mind
(KISS rule). I also wanted it to be BSD-licensed because I’ve had enough
fighting with GPL/GNU stuff. And well... Sofin was born.

Sofin celebrated its second birthday in May 2013. Currently, there are
more than 200 definitions of server software available. You may think
that 200 is nothing when compared to 20,000 ports. Yes, but how many of
these ports definitions actually work? And how many of these are just
X11 utilities? Which are just as dead, obsolete, or simply broken, and
which aren't maintained anymore?

All Sofin software definitions are tested and used on FreeBSD 9.1,
Debian 6.0, and Mac OS X 10.8. There’s a policy that a definition isn’t
accepted in Sofin’s repository unless it builds and installs correctly
on all supported systems.


Sofin in depth 
Differences from FHS standard in real life 
In the late 90’s, we had small disks. I used to work on a machine with
840 MB of disk space. This was probably the major reason for the FHS
rule about keeping software in common prefixes: /usr and /usr/local —
simply to save space. Each software depending on library X could just
link to it in one common place. It was sufficient for simple software,
simple solutions.

But the world is moving forward. Today, I have at least 1 TB of disk
space on each server that runs software with tons of features and
dependencies.

The main idea of software bundling in Sofin was to get rid of that
system-wide “shared nature” of binaries and libraries. I wanted to stop
using /usr/local (Sofin will warn when this folder exists on the
production server) and never touch base system files in /usr. Each Sofin
package has its own “root” directory (similar to that in /usr). By
default, it’s ~/Apps/YourApp/ where all software, libraries, and
dependencies reside.

Here’s why I mentioned disk space in the first place: each piece of
software has its own copy of dependencies, hence they use more disk
space. Usually it’s up to 3 times more space than standard software. Not
an issue these days, right? For some people who are more familiar with
the BSD systems family, a software bundle might look similar to PBI
packages from PC-BSD, but PBI bundles are far from simple. They’re too
complicated to define something as simple as a software bundle.

The second difference is that PBIs aren't designed to be server software
at all, they’re just an imitation of an *.app bundle used by Apple. One
more difference from the FHS approach is an additional exports directory
in the root of each Sofin bundle. It adheres to the closed dependency
model and is designed to provide access only to binaries that a user
requires. The very important thing to know is that Sofin’s shell setup
won't ever set default $PATH access to ~/Apps/YourApp/bin/ nor
~/Apps/YourApp/sbin/, but only to ~/Apps/YourApp/exports/. If you want
to have immediate access to a command from YourApp bundle, you'll need
to add it to APP_EXPORTS in its definition, or manually run
sofin export your-command yourapp after installation. That’s it. Let’s
take a closer look at some more features.
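
The exports-only lookup described above, as an added example that is not Sofin's own code: the function names, the use of symlinks inside exports/ and the Ruby/Postgresql sample tree are assumptions constructed for illustration. It builds a PATH fragment from exports/ directories only and shows that a binary left in bin/ stays unreachable until it is exported.

```sh
#!/bin/sh
# Added illustration of the exports-only PATH model; not Sofin's code.
# Function names and the symlink mechanism are assumptions.

# Build a PATH fragment from <apps_root>/<Bundle>/exports only.
# bin/ and sbin/ are never added, and a bundle whose exports/ was renamed
# to exports-disabled/ drops out because the glob no longer matches it.
exports_path() {     # usage: exports_path <apps_root>
    result=""
    for dir in "$1"/*/exports; do
        [ -d "$dir" ] || continue
        result="${result:+$result:}$dir"
    done
    printf '%s\n' "$result"
}

# Expose one command of a bundle by linking it into exports/.
# Searches the three directories the article names for APP_EXPORTS.
export_command() {   # usage: export_command <apps_root> <Bundle> <command>
    for sub in bin sbin libexec; do
        if [ -x "$1/$2/$sub/$3" ]; then
            mkdir -p "$1/$2/exports"
            ln -sf "../$sub/$3" "$1/$2/exports/$3"
            return 0
        fi
    done
    echo "export_command: $3 not found in bundle $2" >&2
    return 1
}

# Take a conflicting bundle off the PATH the way the article describes
# for APP_CONFLICTS_WITH: rename exports/ to exports-disabled/.
disable_bundle() {   # usage: disable_bundle <apps_root> <Bundle>
    [ -d "$1/$2/exports" ] || return 1
    rm -rf "$1/$2/exports-disabled"
    mv "$1/$2/exports" "$1/$2/exports-disabled"
}

# Resolve a command name using nothing but the exports PATH.
# Prints the resolved path, or returns 1 when the command is not exported.
resolve_exported() { # usage: resolve_exported <apps_root> <command>
    search=$(exports_path "$1")
    [ -n "$search" ] || return 1   # an empty PATH would mean "current dir"
    ( PATH=$search; command -v "$2" )
}

# Constructed sample tree: two bundles, with gem deliberately not exported.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/Ruby/bin" "$root/Postgresql/bin"
    for f in Ruby/bin/ruby Ruby/bin/gem Postgresql/bin/psql; do
        printf '#!/bin/sh\necho "%s"\n' "$f" > "$root/$f"
        chmod 755 "$root/$f"
    done
    export_command "$root" Ruby ruby
    export_command "$root" Postgresql psql
    printf '%s\n' "$root"
}

# Demo run on the constructed tree.
demo_root=$(make_demo_tree)
echo "PATH fragment: $(exports_path "$demo_root")"
resolve_exported "$demo_root" ruby
resolve_exported "$demo_root" gem || echo "gem is installed but not exported"
disable_bundle "$demo_root" Ruby
resolve_exported "$demo_root" ruby || echo "ruby is gone with its bundle's exports"
rm -rf "$demo_root"
```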


Design assumptions 

Sofin is written in probably the most primitive of all shell languages,
the legacy sh. The surprising fact is that this simple language is
probably one of the most powerful utilities to write software like
Sofin. All configuration and every definition is also written in sh,
hence you have the built-in scripting language into definitions for
free. It gives you something that’s very important: flexibility.

Here comes one of Sofin’s major features — system integration with
minimal interaction. By default, Sofin works in two modes: for user or
for super user. When building software for regular users, it’s put into
~/Apps/YourApp/. When building it as a super user, it goes into
/software/YourApp. For a regular user, ~/.profile file is generated
after each software installation/uninstallation. For a super user, Sofin
modifies /etc/zshenv, /etc/bashrc and /etc/profile files once (when
installing Sofin) to support any sh-compliant shells, and then
regenerates /etc/profile_sofin (the equivalent of user’s ~/.profile).

The idea behind /software directory was to give the ability to install
“base system extension software” without interacting with /usr/bin and
/usr/lib. By default, software from /software directory is common for
all users (for example ccache, Clang, Git and zsh are recommended to be
installed in /software).

When building software as user, all software belongs to that particular
user. It is very important that nobody in the system has access to your
applications directory, and after a build, you can freely copy the
entire app bundle to another machine and it will just work. The
requirements of each software bundle come from its own bundle and/or
base system. No external dependencies are allowed. (At the time of
writing this article, I’m working on binary builds for Sofin which will
give the ability to skip the software build process, with drastic time
savings and the additional ability to move software between users).

The next major feature is flat dependencies. Each software definition
has its own, optional list of dependencies that will be installed in a
given order before the very software. Sofin automatically detects
library dependencies and builds destination software with them.

I won't mention all the Sofin features. If you’re interested in all of
them in detail, I already mentioned them on the project page at GitHub.


Installation and deployment: how Sofin affects 
environment 

Installing Sofin in a new system might be considered a
non-straightforward task. You start with installing Sofin itself (using
detailed information obtained from the project page). Remember that the
Sofin installation process is slightly different for each system family.
The thing I didn’t mention in the installation process on the project
page is the deployment process of Sofin itself. After the installation,
it's very important to do sofin install base as super user. It will
install the base software like clang and Ccache which is widely used by
Sofin to build software later. If Sofin doesn't find
/Software/Clang/exports/clang (and clang++), it will require gcc (and
g++) installed in the system. Please consider gcc/g++ slow and faulty —
try avoiding these! Depending on your system, GNU compiler might fail to
build certain software, and it’s not widely tested (note that there are
definitions, with defined requirement on gcc, hence it’s still required
to be installed). By default, Sofin will try to use clang to build each
software. If it also finds ccache, it will give you a speed boost when
you're compiling similar software dependencies between installed
software. It also supports parallel builds by default (the amount of
parallel tasks is equal to the amount of CPU cores available on your
server). If the given software doesn’t support one of the default
approaches, they might be turned off explicitly in the definition file.

The next important issue is a shell implementation itself.

Currently, the best supported shell is zsh (it’s installed with “base”
by default), so it’s recommended to use a shell that reads standard
shell initialization scripts on launch (/etc/zshenv for zsh). If
something is not working, it’s usually caused by improper shell
configuration or conflicts caused by some third party software. Sofin
demands (yes, it's not a policy but a requirement) sysadmins to have a
clean system/shell/software configuration.

The next thing, which is very important for new users, is to invoke
sofin reload (once every first user login).

It will (re)generate the ~/.profile file and cause the current shell to
reload it automatically. After that, you're free to install any defined
software. After each installation, a shell reload is done automatically
for the current shell, and the software is available to run immediately.
If you’re running multiple shell environments at once, you may require a
sofin reload after the installation of new software.


Available definition features 

Software definitions are based on a default definition in
“defaults.def”. This file contains all available settings that
might be set for each definition. I'll mention only some of
the ones that may not be as self-explanatory as the rest:


* APP_NAME — name of the software. It’s a special value, used to name
  the software bundle directory.

* APP_HTTP_PATH — the address of the definition source archive.

* FORCE_GNU_COMPILER — an option to tell Sofin that the given definition
  can't be built using the Clang compiler.

* APP_NO_CCACHE — set to anything but “”, if your software doesn’t
  support building with Ccache.

* DISABLE_ON — an option that’s required for software that isn't working
  on some systems. It’s a space-separated list of system names (uname)
  on which the definition build will be skipped.

* APP_EXPORTS — a space-separated executables list taken from bundle
  bin/, sbin/ and libexec/ directories. Defines binaries to be exported
  for the given software bundle.

* APP_REQUIREMENTS — a space-separated list of definition names (without
  .def extension) to be installed, before the given definition itself
  (defines software dependencies).

* APP_AFTER_*_CALLBACK — callbacks invoked after given stages of the
  build, where “*” is a stage name. Current stage names (in order of
  execution): UNPACK, CONFIGURE, MAKE, INSTALL, PATCH, EXPORT. A callback
  might contain shell commands or an sh function name (this function
  must be defined in the definition itself), which will be called by
  name. For an example, look at sbt.def in available definitions.

* APP_SHA — SHA1 checksum of the source archive of the given definition.
  If the check fails, Sofin will assume a truncated/broken file, and
  retry a download from the software source server.

* APP_CURRENT_VERSION — used to determine the availability of a new
  software version (usually from the software home page). Look into
  ruby.def definition for an example.

* APP_CONFLICTS_WITH — a space-separated list of Bundle names
  (capitalized), that will export the same binaries as a given
  definition (under the hood — it just renames exports/ to
  exports-disabled/ for each conflicting definition).

* REQUIRE_ROOT_ACCESS — set for definitions that must be built as root
  (for example, Openafs which includes kernel module).
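
One way to implement the APP_SHA behaviour from the list above, as an added example rather than Sofin's code: fetch_verified, verify_archive and the simulated downloader flaky_fetch are hypothetical names, and the archive content is a constructed three-byte sample. A mismatch is treated as a truncated file, deleted, and fetched again a bounded number of times.

```sh
#!/bin/sh
# Added illustration of an APP_SHA-style check with retry; not Sofin's code.
# fetch_verified, verify_archive and flaky_fetch are hypothetical names.

# Print the SHA1 of a file with whichever tool the platform ships.
sha1_of() {          # usage: sha1_of <file>
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | cut -d' ' -f1          # GNU coreutils
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 1 "$1" | cut -d' ' -f1      # Mac OS X
    elif command -v sha1 >/dev/null 2>&1; then
        sha1 -q "$1"                          # FreeBSD
    else
        openssl dgst -sha1 -r "$1" | cut -d' ' -f1
    fi
}

# Succeed only when the file exists and its SHA1 equals the expected digest.
verify_archive() {   # usage: verify_archive <file> <expected_sha1>
    [ -f "$1" ] || return 1
    actual=$(sha1_of "$1" | tr 'A-F' 'a-f')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Download with a caller-supplied fetch command and accept the file only
# after the digest matches. A mismatch is handled as a truncated or broken
# file: it is deleted and fetched again, up to <max_tries> attempts.
fetch_verified() {   # usage: fetch_verified <fetch_cmd> <url> <dest> <sha1> [max_tries]
    max=${5:-3}
    try=1
    while [ "$try" -le "$max" ]; do
        if "$1" "$2" "$3" && verify_archive "$3" "$4"; then
            return 0
        fi
        rm -f "$3"   # never leave an unverified archive where a build could unpack it
        try=$((try + 1))
    done
    echo "fetch_verified: checksum mismatch after $max attempts: $2" >&2
    return 1
}

# Constructed stand-in for a real downloader: the first FLAKY_FAILS calls
# deliver a truncated file, later calls deliver the full content "abc".
FLAKY_FAILS=1
FLAKY_CALLS=0
flaky_fetch() {      # usage: flaky_fetch <url> <dest>
    FLAKY_CALLS=$((FLAKY_CALLS + 1))
    if [ "$FLAKY_CALLS" -le "$FLAKY_FAILS" ]; then
        printf 'ab' > "$2"
    else
        printf 'abc' > "$2"
    fi
}

# SHA1 of the three bytes "abc" (the standard test vector).
ABC_SHA1=a9993e364706816aba3e25717850c26c9cd0d89d

# Demo: the first fetch is truncated, the retry delivers the real file.
demo_dir=$(mktemp -d)
if fetch_verified flaky_fetch http://example.invalid/app.tar.bz2 \
        "$demo_dir/app.tar.bz2" "$ABC_SHA1"; then
    echo "archive verified after $FLAKY_CALLS fetches"
fi
rm -rf "$demo_dir"
```

The digest is only as trustworthy as the definition that carries it, so this check catches broken transfers but says nothing about a definition that was itself altered.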


Sofin in action 

Sofin supports two “kinds” of definitions. The first is a regular
definition (*.def files — more details in README file in the git
repository) which has all the information required to build the given
software. The second is a definitions list, which is just a simple text
file with newline separated names (again without extensions) of
definitions to install. In the sofin install base example above, the
“base” part is just a name of a list that includes mentioned software
definitions. Sofin will automatically recognize which one is given. Most
common usage of Sofin is: sofin install softwarename and
sofin remove softwarename. Most of the time, it's the only thing you
want to do. “You want to type one command and get your software” — this
was one of my major thoughts when I was starting to write Sofin. But
there’s one more important thing to mention. By default, software lists
and definitions (with software patches) are just a plain bz2 archive put
on an http server. Sofin isn't updating those definitions on each run.
To get fresh definitions from a server, you need to run sofin update.
The thing is, they’re only user side definitions. Each user may have
different local versions of them, and these definitions do not affect
other users. One more common feature of Sofin is a partial software
upgrade. For example: to upgrade libffi in a Ruby bundle, you need to
call sofin upgrade libffi ruby. It might be confusing, but the command
works as it would in natural language: “use sofin to upgrade libffi
dependency in Ruby bundle”. Sofin will automatically detect rebuilt
dependency and invoke a rebuild of ruby itself. It’s important to
mention that the upgrade process isn’t perfect yet — it’s one of the
features that might fail with certain definitions, so please keep that
in mind. It tries to look for patterns of updated definition names and
removes matching files from a bundle before doing the upgrade, but it’s
just very tough to test all the possibilities. In case of a failure,
just rebuild the whole software from scratch.


Implemented utility commands and hidden features
Sofin comes as a shell command. The launcher itself is 
written in C++ to fully support lock file functionality which 
is used by Sofin under the hood to avoid some issues 
(mostly to solve launching two conflicting commands at 
once). If one software build is already in progress, the 
second instance of Sofin will wait until the first is finished. 
Here’s a list of additional Sofin commands with short 
explanations: 


* sofin list — Lists all installed bundles owned by the
current user. Use sofin fulllist to get a list with
dependencies included.

* sofin available — Shows the list of all definitions
available to install.

* sofin vars — Generates the sh-compliant dump of ENV
values, based on the currently installed software.

* sofin log — Probably the most useful command if you
want to see what’s going on under Sofin’s hood. It will
show the software installation progress log, including
all commands invoked during the process.

* sofin ver — Shows Sofin’s version.

* sofin outdated — Shows software bundles installed by
Sofin that are outdated.

* sofin clean — Removes the source packages cache. It
also clears the installation log.

* sofin dependencies — One of the rarely used features
that might be used for dedicated software. It reads the
$(cwd)/.dependencies file as a software list, and installs
software from it.

* DEBUG=true sofin anycommand — Turns on the debug
logger if you're really interested in the details (prints in
magenta to the standard output).


Some comments about the development process and Sofin’s issues
Sofin isn’t the ideal software, but it has already proven to
be very useful in several production environments. Here’s
the thing: I don’t want to hide any of its pitfalls because I
don't have to.

On the Web

* Sofin project page
* TheSS project page (currently in development)
* My website

Glossary

* KISS — the acronym of Keep It Simple Stupid. Methodology
to software development with simplicity in mind.
* FHS - Filesystem Hierarchy Standard.
* POSIX — compatibility standard between operating systems
(used by BSD, OS X and Linux).

Sofin is built to always be production-ready software.
This means that, if your software doesn’t build, then in the
vast majority of cases, it will be caused either by an error
in the definition or by an issue with the software itself.

Sofin’s core has been almost untouched since the beginning
of the project and is only extended with new features
from time to time (usually on request).

But of course, there are a few limitations. First of all,
the default definition source is placed on my private HTTP
server. If you want to host your own definitions, you'd
need to reconfigure Sofin for your needs. The second major
pitfall is that it requires XQuartz on OS X hosts to build
some definitions. I couldn't find a better solution for Mac
OS X without Darwin-specific hacks on X11.


TheSS, Sofin-based software management tool 
In parallel with Sofin, a second project called TheSS is
under heavy development. It was closed source, but this
year I made it public (BSD-licensed as well).

In short, it uses software built by Sofin to easily perform
software deployment (including support for web applications
of any kind).


Summary 

Sofin is free software. The content of this article covers 
only a part of the design patterns used internally. Feel free 
to support this project in any way. I’m easy to find — there’s 
only one dmilith. 

I’m open to suggestions and improvement ideas. Please 
feel free to contribute. If you want to get more details, just 
find me online, and I'll try to explain every detail you might 
want to know about Sofin and TheSS. 


DANIEL (DMILITH) DETTLAFF 

Sysadmin of several medium companies in Poland. Enterprise
and cloud hater. Currently working at Monterail.com, LLC.
Working on building self-healing, self-manageable, distributed,
AI-driven systems. He makes new ideas real while systems are
automatically doing his work. Constantly learning about how to
become a good software architect. Musician, lyricist, and writer in
his free time. (Thanks to Dominik Porada and Michał Hewelt for
help with my horrible English grammar)
A Backup Server with FreeBSD for Mixed Networks in SOHO Environment

Backing up servers and clients is an essential task that should be
carried out on a regular basis as it helps prevent the loss of data.
The backup tasks can be performed in two different ways, using
automated software or by running the software manually. It is
essential, however, to make sure that the backups are working
properly and running on a regular basis.

What you will learn...

* Using FUSE to mount remote filesystems
* Using ssh keys to remote access ssh server without passwords
* Back up mixed networks with FreeBSD

What you should know...

* Minimum scripting knowledge
* Minimum networking concepts knowledge

The server backups may include data from external
users. For a company such as a web hosting service,
it is essential to have a copy of the sites and
databases of the customers as they are completely reliant
on the web host to keep their sensitive information safe.
Backups are fundamentally necessary for disaster recovery.
In the case of a server failure, a backup makes it possible
to retrieve data from the server offsite.

Having backups always available makes it easier to migrate
data if you intend to move the data from an old server
to a new one that is in the DMZ itself, or at another location.

Figure 1. Our Test LAN and DMZ scenario

From the examples above, it is easy to understand how
important it is to make backups of servers and clients. You
could even say that this is a fundamental task for business
(Figure 1).

FreeBSD once again demonstrates its flexibility. As
you will see later in the article, it will be possible to create
a dedicated server that will allow you to create backups
of Windows machines via the CIFS protocol, Unix machines
via SSHFS, and either OS using an FTP server
with curlftpfs.

It is also possible to make backup copies of databases,
using scripts integrated into the task (in particular, you will
see an example using mysqldump).

Everything will be handled in an automated manner using
cron jobs managed by the software rsnapshot, the
heart of the backup system.





Listing 1. Packages Setup 


Progecdds ay satibasosemoe Puente 
pkovaddy =~ sy mysqlel-cltent 

jolc) etclol == sr josie LO Nels Sine 
pkopaddl =pa-\ fuse 

PGC ao Ae aliccreo kmed 
Pema ey sane VerUceecmocims 
Phgecde) =] >) flisebe-Clisit vers 
jQltej evelol gy te sine oyslavene, 

Progaddi se “Vv sch copy -ud 


Listing 2. Packages Setup 


portsnap fetch
portsnap update
cd /usr/ports/ftp/vsftpd
make install clean


Listing 3. Rc.conf setup 


fbsd-bkpsrv# cat /etc/rc.conf

#hostname="fbsd-bkpsrv.localdomain"
hostname="fbsd-bkpsrv"
Ppeconte gen — OHCE 

mi conc en —| DICE 

keymap="it.iso"
moused_enable="YES"
sshd_enable="YES"
fusefs_enable="YES"
vsftpd_enable="YES"
To create a good backup strategy, one needs to do an
analysis of the resources that store the data to be protected.
In a SOHO network, this can be a LAN and a DMZ that
exports outside services, such as a web server. Imagining
that your clients will use Windows or Mac OS X as well as
Linux and FreeBSD, CIFS is a good way to share data in
a simple manner within the network itself.

If you have servers located in the DMZ such as SSH,
FTP and SQL, you can mount these resources as local
folders within the backup server and then manage the
backup pool with the appropriate cron job.


Backup Server Packages Installation 

It was decided to use the 8.3 version of FreeBSD, due to
some unresolved bugs on the port of curlftpfs. In addition,
for easy restoration of the data, the daemon vsftpd has to
be activated on an ftp server. Of course, this is only one of
the possible solutions. To manage the backup of a mixed
network, one needs to install a set of packages on our
server: Listing 1.

In order to have the latest version of vsftpd, it needs to
be installed via ports (Listing 2).

Once you have installed all the packages, you're going
to do all the individual configurations. In particular, it will
be necessary to set the rc.conf file as shown in Listing 3,
in relation to the networks of Figure 1.

Once the server has restarted, you will see the new active
modules in the kernel as shown in Figure 2.


Figure 2. Kernel Modules loaded after reboot

Figure 3. Our backup server original mount points
One of the active modules will be “fuse.ko”, which has a
particular function in that it allows non-privileged users of
a system to create their own file system without the need
to write code at kernel level. This is particularly useful for
writing a virtual file system, which does not actually store
the data on its own, but mediates between the user and
the underlying real filesystem. FUSE is the module that
allows you to use SSHFS filesystem with CIFS and curlftpfs
(Figure 3).


SSH login without a password for SSHFS on FreeBSD

In order to create tasks for automatic backup via SSH, it is
necessary to establish a certain level of trust between the
computers. To do this, one can resort to the use of pairs of
keys. First create a key pair on the local machine for user
root (Listing 4).

We call the machine local_machine and your username
will be root. Now you need to copy the public key to the
remote machine (remote_machine) as ‘root’ (Listing 5).

From now on, the user root@remote_machine will trust
user root@local_machine and will allow access without
asking for a password. If that fails, you will have to edit
/etc/ssh/sshd_config on the remote machine, add the following
lines, and restart ssh: Listing 6.

We have already installed the packages (Listing 7) and
enabled FUSE for system start up via rc.conf (Listing 8).

After the reboot, if one can ssh to the remote machine,
one can at least mount their own home directory via SSH
(Listing 9).
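Passwordless root trust is only as narrow as the authorized_keys entry that grants it, so it is worth checking what each installed key is allowed to do on the remote machine. The following is an added example, not part of the original article: an sh/awk audit that reports keys carrying no options or no from= source restriction. The sample entries, the key blobs and the address 192.0.2.10 are constructed.

```shell
#!/bin/sh
# Added example (not from the article): audit an authorized_keys file.
# For each key, print "<line>\t<status>\t<comment>", where status is
#   no-options  key is accepted from any host, with no restrictions at all
#   no-from     options are present, but no from="..." source restriction
#   ok          a from="..." restriction is present

# audit_authorized_keys [FILE]: reads FILE, or standard input if omitted.
audit_authorized_keys() {
    awk '
    function is_keytype(t) {
        return t ~ /^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+)$/
    }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        opts = ""
        rest = line
        if (!is_keytype($1)) {
            # The options field ends at the first blank outside double
            # quotes; command="..." may itself contain blanks.
            inq = 0
            n = length(line)
            cut = n + 1
            for (i = 1; i <= n; i++) {
                c = substr(line, i, 1)
                if (inq && c == "\\") { i++; continue }
                if (c == "\"") {
                    inq = !inq
                } else if (!inq && (c == " " || c == "\t")) {
                    cut = i
                    break
                }
            }
            opts = substr(line, 1, cut - 1)
            rest = substr(line, cut + 1)
            sub(/^[ \t]+/, "", rest)
        }
        nf = split(rest, f, /[ \t]+/)        # f[1]=type f[2]=blob f[3]=comment
        comment = (nf >= 3) ? f[3] : "-"
        if (opts == "") {
            status = "no-options"
        } else if (opts ~ /(^|,)from="[^"]+"/) {
            status = "ok"
        } else {
            status = "no-from"
        }
        printf "%d\t%s\t%s\n", NR, status, comment
    }' "${1:--}"
}

# Constructed sample: three entries as they might appear in
# /root/.ssh/authorized_keys on a backed-up host (key blobs are fake).
sample_authorized_keys() {
    cat <<'EOF'
# key installed with ssh-copy-id, no restrictions
ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed1 root@local_machine
command="/usr/local/bin/rsync --server --sender . /",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed2 root@old_backup
from="192.0.2.10",no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed3 root@fbsd-bkpsrv
EOF
}

sample_authorized_keys | audit_authorized_keys
```

Entries reported as no-options or no-from accept the backup key from any address; adding from="..." with the backup server's address to that entry narrows the trust to the one host that needs it.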


FreeBSD mounting remote CIFS resources 

We have just loaded the fuse module and installed the
smbclient package which provides the utility mount_smbfs
that will mount a share from a remote server using the SMB/
CIFS protocol. You can easily mount a NAS share using
the following syntax: Listing 10. Where:

* -I NETBIOSNAME: connection to the FQDN or IP of the
remote workstation or server.

* USERNAME: the login user name.

* NETBIOSNAME: NetBIOS server name.

* /data: CIFS share name.

* /mnt/net/NETBIOSNAME: local mount point directory.





Listing 4. Ssh daemon and client key configuration 


nO OC NOC cue McKe Wes owes Cl emer 

Generating public/private rsa key pair.
Enter file in which to save the key (/home/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/root/.ssh/id_rsa.
Your public key has been saved in /home/root/.ssh/id_rsa.pub.

The key fingerprint is: 

Sade ZS ten 7 ers 777 MAGA Go fete Ale boris Che aoor 
local imachiune 

The key’s randomart image is: 


+--[ RSA 2048]----+ 


=K++ 











Listing 5. Ssh daemon and client key configuration 
ssh-copy-id -i ~/.ssh/id_rsa.pub root@remote_machine


Listing 6. Ssh daemon and client key configuration 


RSAAuthentication yes 
PubkeyAuthentication yes 


Listing 7. Ssh daemon and client key configuration 


fusefs-kmod 


fusefs-sshfs 


Listing 8. Ssh daemon and client key configuration 


# enable File System in User Space
fusefs_enable="YES"


Listing 9. Ssh daemon and client key configuration 


Sales Uscememelisnocs machine ~/moumMc jOOmec 


Listing 10. Samba client configuration 


# mount_smbfs -I NETBIOSNAME //USERNAME@NETBIOSNAME/data /mnt/net/NETBIOSNAME


Listing 11. Samba client configuration 


[NETBIOSNAME:USERNAME]
password=PASSWORD
In this way, however, you will be prompted for the password
at each login. To avoid the password prompt, we need to
create a ~/.nsmbrc file as follows:

# emacs ~/.nsmbrc

Enter the username and password as follows: Listing 11.
Mount the remote CIFS folder as follows: Listing 12.
With the -N option, one forces the system to read the
~/.nsmbrc file for additional configuration parameters and
a password.


How to use FTP filesystem on FreeBSD with CurlFtpFS
It often happens that some web hosting companies do not
offer shell access (SSH or Telnet) to your shared hosting
account for security reasons. This makes it more difficult
to do regular maintenance of the file system on your web
server. Although a normal ftp client is sufficient
for the majority of cases, some people still prefer to
manipulate files directly using standard Unix tools. This is
possible thanks to curlftpfs, which allows you to mount a
remote FTP server as a standard file system on the Unix
operating system, and this allows one to do backup tasks.
If curlftpfs is installed, you only need to do these steps to
locally mount a remote folder: Listing 13.

user:pass is the username and password to log into
the ftp account. After that, you can change your working
directory to the mount point and use the regular Unix utilities
to work on the files that are normally accessible with
the FTP protocol. To unmount it, one can use the command
in Listing 14.





Figure 4. Our server with remote mount points active 


In this way, however, it is possible to read clear text
passwords in log files. To avoid this, we need to create a
~/.netrc file (Listing 15) and enter the host, username
and password in it (Listing 16, Figure 4 and Figure 5).


Listing 12. Samba client configuration

# mount_smbfs -N -I NETBIOSNAME //USERNAME@NETBIOSNAME/data /mnt/net/NETBIOSNAME


Listing 13. Curlftpfs client configuration

mkdir /mnt/net/ftp
curlftpfs -o allow_other ftp://user:pass@ftp_host_name /mnt/net/ftp


Listing 14. Curlftpfs client configuration

umount mountpoint


Listing 15. Curlftpfs client configuration

# emacs ~/.netrc


Listing 16. Curlftpfs client configuration

machine ftp_host_name
login user
password pass


Figure 5. All credential files


A FreeBSD local FTP Server to restore backup data
Two words on FTP:

File Transfer Protocol (FTP) is a TCP protocol for exchanging
files between computers. It does not use encryption
for user credentials and, unless merged into an
SSL connection, the data is transmitted in the clear and
can be easily intercepted. FTP works on a client/server
model and the server component is called an FTP daemon.
It is always listening for FTP requests from remote
clients. When a request arrives, it handles the authentication,
keeps the connection alive for the duration of the
session, and executes the commands sent by the FTP
client. Access to an FTP server can be managed either in
an anonymous or an authenticated mode. In the Anonymous
mode, remote clients can access the FTP server
using the default user account called “anonymous” or “ftp”
and by sending an e-mail address as the password. In the
authenticated mode, a user must have an account and a
password. User access to the FTP server directories and
files depends on the permissions defined for the account
used to login. As a general rule, the FTP daemon will hide
the root directory of the FTP server and change the FTP
home directory. This hides the rest of the file system from
the remote sessions.


vsftpd — FTP Server Configuration 

Setting up an FTP server is beyond the scope of this article;
however, you should choose to create a basic service
that enables access protected by username and password
in the local networks (Listing 17).





Listing 17. Vsftpd server configuration 


# cat /usr/local/etc/vsftpd.conf 

LS ited aS 

anonymous_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
background=YES

OC aleec Maples 7 Es 

Wiebe seco —N@ 

Mie alogmenceke= vas 

Ecol lean oWeoumle cor INN RIE exiewalcre 
EN eocte ero tpenciole— vine 

ceoor lise wiles) local) eco weit coc, cleo lise 
User erst pemclolic—vils 

User Ese ceny— © 


cows Wiehe albilic yelieoou— MES 


Listing 18. Vsftpd server configuration 


# cat /usr/local/etc/vsftpd.chroot_list
ULE Ee 
backup 


rsnapshot 


Listing 19. Vsftpd server configuration 


# cat /usr/local/etc/vsftpd.user_list
ULeEnee 
backup 


rsnapshot


Listing 20. Vsftpd server configuration 


# cat /usr/local/etc/vsftpd.ftpusers 
So, as configured, vsftpd accepts connections from both
the LAN and DMZ. It also allows access to users listed in
the file vsftpd.user_list and access to data to those contained
in the file vsftpd.chroot_list (Listing 18-20).

The file /usr/local/etc/vsftpd.ftpusers is empty by
default. Access to the FTP server is read-only, because
it is not good to be able to accidentally erase our backup
file!


Rsnapshot with FreeBSD to manage backup data pools

For anyone who has never heard of rsnapshot, it is a
program that allows you to create “snapshots” of the filesystem.
You can take incremental snapshots of local and
remote file systems for any number of machines. Snapshots
of local file systems are handled with rsync, a milestone
in Unix backup tools. Secure remote connections
are treated with rsync over ssh while anonymous rsync
connections simply use an rsync server. Both remote and
local transfers depend on rsync. Rsnapshot saves much
more disk space than you might imagine. The amount
of space required is about the size of a full backup, plus
one copy of each additional file that is changed. Rsnapshot
makes extensive use of hard links, so if the file does
not change, the next snapshot is simply a hard link to the
exact same file.
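The hard-link behaviour described above can be reproduced with nothing but ln and cp. This is an added, simplified model and not rsnapshot's own code (rsnapshot leaves change detection to rsync, while this sketch compares file contents with cmp); the function names and the sample tree are assumptions of the example, and only two generations (daily.0 and daily.1) are kept.

```shell
#!/bin/sh
# Added example (not rsnapshot's code): hard-link snapshots in miniature.

# snapshot SRC ROOT
# Rotates ROOT/daily.0 to ROOT/daily.1, then builds a new ROOT/daily.0 in
# which every file identical to the previous snapshot is a hard link to it
# and only changed or new files are copied. File names containing
# newlines are not handled.
snapshot() {
    src=$1
    root=$2
    new="$root/daily.0"
    prev="$root/daily.1"
    rm -rf "$prev"                       # drop the oldest generation
    if [ -d "$new" ]; then
        mv "$new" "$prev"
    fi
    mkdir -p "$new"
    # Recreate the directory tree first, then populate it.
    (cd "$src" && find . -type d) | while IFS= read -r d; do
        mkdir -p "$new/$d"
    done
    (cd "$src" && find . -type f) | while IFS= read -r f; do
        if [ -f "$prev/$f" ] && cmp -s "$src/$f" "$prev/$f"; then
            ln "$prev/$f" "$new/$f"      # unchanged: share the inode
        else
            cp -p "$src/$f" "$new/$f"    # changed or new: store a copy
        fi
    done
}

# inode FILE: print the inode number, to show which files share storage.
inode() {
    ls -i "$1" | awk '{ print $1 }'
}

# Constructed demo: two files, one of which changes between two runs.
demo_snapshots() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/src/etc"
    echo 'hostname="fbsd-bkpsrv"' > "$work/src/etc/rc.conf"
    echo "first version" > "$work/src/notes.txt"
    snapshot "$work/src" "$work/snap"
    echo "second version" > "$work/src/notes.txt"
    snapshot "$work/src" "$work/snap"
    for name in etc/rc.conf notes.txt; do
        echo "$name: daily.0 inode $(inode "$work/snap/daily.0/$name")," \
             "daily.1 inode $(inode "$work/snap/daily.1/$name")"
    done
    rm -rf "$work"
}

demo_snapshots
```

In the demo output the unchanged rc.conf shows the same inode number in both snapshots, while notes.txt, which was edited between the runs, occupies two separate inodes.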

The architecture of the backup server allows you
to “see” the remote folders as local, and for rsnapshot and
rsync, it is easy to manage pool copies of this kind.

Starting from a root directory, rsnapshot allows you to
create a number of subfolders by date. Each of these subfolders,
organized by host, will contain the data for incremental
backups, as shown in Figure 5.

Figure 6. Our server rsnapshot.conf

The configuration file presented performs one cron job
daily and one monthly, so you have a valid backup set. It is
crucial to remember that the configuration file only allows
tabs as a separator character (Listing 21 and Figure 6).

Within the configuration, the time intervals for performing
backups are set using the parameter “interval”. They do
nothing but run a cron job like the one in Listing 22.

Within the configuration, you can run custom scripts. (An
example would be to mount remote file systems; another
would be to make backups of a MySQL server.) The important
thing is that these files are inside one of the paths
in the PATH variable of the system (e.g. /usr/local/bin).





Figure 7. Our server when a backup pool is running (logfile) 





Figure 8. Our server when a backup pool is completed 
Listing 21. rsnapshot configuration

# cat /usr/local/etc/rsnapshot.conf

config_version	1.2
no_create_root	1
snapshot_root	/usr/local/backups/
cmd_rm	/bin/rm
cmd_rsync	/usr/local/bin/rsync
cmd_logger	/usr/bin/logger
cmd_preexec	/usr/local/bin/mount_all.sh
cmd_postexec	/usr/local/bin/mysqlbkp.sh
interval	daily	7
interval	monthly	1
verbose	2
loglevel	5
logfile	/var/log/rsnapshot.log
lockfile	/var/run/rsnapshot.pid
backup	/usr/home/	localhost/
backup	/etc/	localhost/
backup	/usr/local/etc/	localhost/
backup	/mnt/net/XPSP2/	XPSP2/
backup	/mnt/net/XPWebSERVER/	XPWebSERVER/
backup	/mnt/net/ftp	XPWebSERVER/ftp/
backup	/mnt/net/fw/etc/	fw/etc/
backup	/mnt/net/fw/home/	fw/home/
#backup_script	/usr/local/bin/backup-mysql.sh	localhost/mysql/
To verify that the setup is correct, you can run rsnapshot
with the “configtest” option, and if all is well, it should say
Syntax OK: Listing 23.

With this configuration, you back up local folders:


/usr/home/ localhost/
/etc/ localhost/
/usr/local/etc/ localhost/


And remote folders that are locally mounted:


/mnt/net/XPSP2/ XPSP2/
/mnt/net/XPWebSERVER/ XPWebSERVER/
/mnt/net/ftp XPWebSERVER/ftp/
/mnt/net/fw/etc/ fw/etc/
/mnt/net/fw/home/ fw/home/


Seven times a week and once a month (Figure 7 and
Figure 8).

To automate all, you can create a small script “mount_all”
of which this is a simple example: Listing 24.
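Testing a mount point with ls -A only shows whether the directory has entries, not whether the remote filesystem is attached; if a mount fails, rsnapshot takes its snapshot of an empty local directory. The following added example (not the article's script) checks the mount table instead; the function names, the MOUNT_TABLE override and the sample mount output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the article's script): verify that the remote
# filesystems are really mounted before a backup run is started.

# Constructed sample of FreeBSD mount(8) output in which only two of the
# four remote filesystems are attached.
SAMPLE_MOUNTS='/dev/ad0s1a on / (ufs, local)
devfs on /dev (devfs, local, multilabel)
//UTENTE@XPSP2/DATA on /mnt/net/XPSP2 (smbfs)
/dev/fuse0 on /mnt/net/fw (fusefs, local, synchronous)'

# mount_table: print the mount table. Setting MOUNT_TABLE (an assumption
# of this example) substitutes canned text, which makes the check testable.
mount_table() {
    if [ -n "${MOUNT_TABLE:-}" ]; then
        printf '%s\n' "$MOUNT_TABLE"
    else
        mount
    fi
}

# is_mounted DIR: succeed only if DIR is the target of a mount table
# entry of the form "<device> on <dir> (<options>)".
# Mount points containing blanks are not handled.
is_mounted() {
    want=${1%/}        # /mnt/net/fw/ and /mnt/net/fw are the same place
    mount_table | awk -v want="$want" '
        {
            for (i = 1; i < NF; i++) {
                if ($i == "on") {
                    if ($(i + 1) == want) found = 1
                    break
                }
            }
        }
        END { exit(found ? 0 : 1) }'
}

# missing_mounts DIR...: print every DIR that is not mounted and return
# non-zero if there is at least one.
missing_mounts() {
    missing=0
    for dir in "$@"; do
        if ! is_mounted "$dir"; then
            echo "$dir"
            missing=1
        fi
    done
    return "$missing"
}

# backup_if_mounted CMD DIR...: run CMD only when every DIR is mounted.
backup_if_mounted() {
    cmd=$1
    shift
    if bad=$(missing_mounts "$@"); then
        $cmd
    else
        echo "backup skipped, not mounted:" $bad >&2
        return 1
    fi
}

# Demo on the constructed table: prints the two mount points that are absent.
( MOUNT_TABLE=$SAMPLE_MOUNTS
  missing_mounts /mnt/net/XPSP2 /mnt/net/XPWebSERVER /mnt/net/ftp /mnt/net/fw || true )
```

In the daily job this would wrap the rsnapshot call, for example backup_if_mounted "/usr/local/bin/rsnapshot daily" followed by the four mount points, so that a failed mount produces a skipped run and a message instead of an empty snapshot.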





Listing 22. rsnapshot configuration 


# cat /etc/periodic/daily/001.backup

/usr/local/bin/rsnapshot daily > /tmp/rsnapshot.out 2>&1 || \
    cat /tmp/rsnapshot.out | mail -s "daily backups failed on `hostname`" \
    antofrage@xxx.xx


Listing 23. rsnapshot configuration 


# rsnapshot configtest 


Syntax OK 


Listing 24. scripts configuration

#cat /usr/local/bin/mount_all.sh

#!/bin/sh
if [ "$(ls -A /mnt/net/XPSP2)" ]; then
    umount /mnt/net/XPSP2
    NOUN ESMOmotis eo) WEenbeC Zo) mooo mus, mnt/net/XPSP2/
else
    echo "/mnt/net/XPSP2 is Empty"
    Ie DI SO eel alee Say y Deo Coa 4) ee iamcey, Rey ee ey,
fi
if [ "$(ls -A /mnt/net/XPWebSERVER)" ]; then
    umount /mnt/net/XPWebSERVER
    mount_smbfs -N -I XPWebSERVER //utente@XPWebSERVER/data /mnt/net/XPWebSERVER/
else
    echo "/mnt/net/XPWebSERVER is Empty"
    mount_smbfs -N -I XPWebSERVER //utente@XPWebSERVER/data /mnt/net/XPWebSERVER/
fi
if [ "$(ls -A /mnt/net/ftp)" ]; then
    umount /mnt/net/ftp
    curlftpfs -o allow_other XPWebSERVER /mnt/net/ftp
else
    echo "/mnt/net/ftp is Empty"
    curlftpfs -o allow_other XPWebSERVER /mnt/net/ftp
fi
if [ "$(ls -A /mnt/net/fw)" ]; then
    umount /mnt/net/fw
    sshfs root@fw:/ /mnt/net/fw/
else
    echo "/mnt/net/fw is Empty"
    sshfs root@fw:/ /mnt/net/fw/
fi


Listing 25. scripts configuration

#cat /usr/local/bin/mysqlbkp.sh

#!/bin/sh
USER0="monty"
HOST0="XPWebSERVER"
mysqldump -u $USER0 -h $HOST0 --all-databases | bzip2 -c
a

Myscily Cecert 7 oleod Eke sql bz7


Listing 26. scripts configuration

# cat /etc/hosts
# $FreeBSD$
# Host Database
::1 localhost localhost.my.domain myname.my.domain
127.0.0.1 localhost localhost.my.domain myname.my.domain
# Hosts
OZ OG 2 Oe as XPWebSERVER
OS ier (aS XPSP2


For completeness, here is a simple backup script to a 
MySQL server accessible from the LAN: Listing 25 and 
Figure 9. 


A little foresight 

To simplify the work, it can be useful to map the names 
of the servers and clients in the hosts file of the backup 
server. This is so that in case of a malfunction of the DNS 
server, everything will still work (Listing 26). 


How to restore backup data?
All that you need is an FTP client (FileZilla, FTP CLI, Explorer,
Firefox, etc.)! As shown in Figure 10, simply connect
to the local FTP server and check the date of the file
or folder you want to restore.

A simple copy/paste et voila (Figure 11). :)

Figure 9. Our server when a main crontab

Figure 10. Logging into Ftp Service of Backup Server

Figure 11. Browsing folders

With this article, we wanted to create an efficient and robust
backup server designed for SOHO. Enterprise solutions
in need of more advanced features can use FreeNAS,
which is also based on BSD.
FreeBSD on Rails


Ruby on Rails is a powerful Web framework. It makes application
prototyping a breeze, in a few days. Installing it is quite trivial if you
know the pitfalls.


What you will learn...

* Installing all Rails-related development tools,
* Setting up a web application’s scaffolding,
* Debugging your application.


also strongly advocate that you get to know/learn Git. 

Nearly all Ruby on Rails-related tools, as well as their 
documentation, are hosted on GitHub. 

Installing 

Many tools may help you optimize your Ruby on Rails
workflow:

* rbenv helps managing several ruby versions on a single
computer,

* gems are basically ruby programs or libraries,

* bundler manages project-specific gems,

* rake executes scripts which are part of our application.


All these tools are included within rbenv, which is why I
always use this tool no matter how many projects I am
working on (which means even just one).

You will be using those all the time, regardless of your
environment, be it personal or professional. Getting used
to the tools everybody uses is always a good approach.

Side note, my shell of choice is zsh. Adapt the listings
below to suit your needs — for instance, if you use bash,
replace ~/.zshrc with ~/.bashrc in the listings.


What you should know...

* Configuring your HTTP server (Nginx, Apache...),
* Setting up your database management system,
* HTML.


Dependencies

To get ourselves started, please first install (with root/sudo)
these dependencies:

# pkg_add -r automake bison curl gdbm git libtool libxml2 libxslt \
    libyaml mysql55-server node-devel openssl readline sqlite3 \
    sudo wget


rbenv 

rbenv is the very first tool we need to install for setting up
a rails installation. You may follow the documentation on
http://github.com/sstephenson/rbenv (Listing 1).

About RVM — rbenv and RVM both serve the same purpose —
that is, to ease the use of several ruby versions on
a single computer. Both have their own particular advantages,
drawbacks and philosophy. Anyhow, I didn't succeed
in installing RVM on FreeBSD.





Listing 1. rbenv installation 


$ git clone https://github.com/sstephenson/rbenv.git ~/.rbenv
$ git clone https://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
$ echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.zshrc
$ echo 'eval "$(rbenv init -)"' >> ~/.zshrc
$ source ~/.zshrc


Ruby 
As I am writing this, I recommend ruby versions 1.9.3 or
2.0.0, the latter being remarkably efficient.


$ rbenv install 2.0.0-p195
$ rbenv rehash


A rehash step is necessary each and every time an rbenv
component (ruby, gem, bundler...) brings changes to the
environment. To run our brand-new, freshly-installed ruby
version by default:


$ rbenv global 2.0.0-p195


SQLite
The sqlite3 options in the following command are (sigh)
necessary for our rails installation to make use of it.


$ sudo gem install sqlite3 -- --with-sqlite3-dir=/usr/local --with-sqlite3-lib=/usr/local/lib


By default, rails will use sqlite in the development environment,
and mysql in the production environment.
Strangely enough, mysql will just work out-of-the-box
and will play with our rails installation pretty well — provided
that you create the database and user your application
will need (and that you actually start mysql).


Rails


$ gem install rails
$ rbenv rehash

That's just it! Now let’s generate our project:


$ rails new bsdonrails
$ cd bsdonrails
$ rails s


Go visit http://localhost:3000/ — it works! You may now
want to set up a fixed ruby version in our working directory;
do it like so:


$ rbenv local 2.0.0-p195


A .ruby-version file will then be added in the root directory
of our project. For now, feel free to get a hold of the
nice, OS-agnostic Ruby on Rails documentation. And
start creating!

Playing with Rails 

Rails provides us with generators, enabling us to create
models, views and controllers that follow the MVC
pattern. The scaffold generator creates everything in
one go:





Listing 2. config/routes.rb 


Bsdonrails::Application.routes.draw do
  root to: 'posts#index'
  resources :posts
end


Listing 3. rails console usage 


$ rails c


> p = Post.new(author: "Bob", content: "Hello, world!")


> p.save 


> Post.all 


Zoe | 
Oise cole lee Wig cise el ae (vost 
=> “Bob” 
> p.author = “Alice” 
> p.save 
PECs ea ciel the cea all ei te 
=> “Alice” 


> exit 





ROS alelk inkl; eiblieloioek “Bele”, CWemeeimer “isle, were)” 9 GiaSciceel cle > 


Ml Updated rae se tinl 


= POs stds auirnon Bob 7 weconteneas Hello, world! creauedsat.= Z0l3 20575 420-4 o ipdavedvar.— 20 05— 
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S$ rails g scaffold Post author:string content:text 


Numerous files are created: model, controller, view, Ja- 
vascript, CSS, tests and database migration templates. 
Speaking of which, to migrate: 


$ rake db:create # once per environment
$ rake db:migrate


Then go visit http://localhost:3000/posts - you may now manage your
posts. How about that? To modify the landing page of your website so
that the post listings get displayed instead, edit the
config/routes.rb file as shown in Listing 2.

Then delete the “old” landing page: 


$ rm public/index.html


Now http://localhost:3000/ should display the posts' index.


Debug 
Rails features a pleasing debug console, as shown in Listing 3.


Production 
Putting rails in production is as much a piece of cake as it
was in the development environment (Listing 4).

-d makes the server run as a daemon. Kill it with:


$ kill -9 `cat tmp/pids/server.pid`


Gems 

More often than not, if you are looking for something that 
“has most likely already been developed”, well, there 
probably is a gem for that. (Gems are sort of plugins for 
rails). To install them, modify the Gemfile in your project's 
root directory, before doing: 


$ bundle install && rbenv rehash





Listing 4. Production rails server 


$ RAILS_ENV=production rake db:create # once per environment
$ RAILS_ENV=production rake db:migrate
$ bundle install && rbenv rehash
$ rake assets:clean assets:precompile
$ RAILS_ENV=production rails s -d
An average project may use several dozens of gems. A non-exhaustive,
summed-up list is shown in Table 1. To use them, the wisest thing to
do is to read their individual documentation on their GitHub page -
sometimes modifying the Gemfile is not the only step to undertake.


Summary 

We have set up a complete Ruby on Rails 3.2 workflow on FreeBSD 9.1.
Feel free to let your creativity flow and make a project out of your
idea, it is one of the best ways to learn. The official documentation
is remarkably well done - make use of it!


Table 1. Useful gems for your Gemfile 


                         Multi-tenancy for SASS

bootstrap-sass           Twitter Bootstrap here I am!
font-awesome-rails

                         Access Control

detect_timezone_rails    Localizes displayed datetime

devise                   Authentication
devise-i18n
devise-i18n-views

omniauth                 Authentication with social networks
omniauth-facebook        (works well with devise)
omniauth-google-oauth2

faker                    Generate fake data (name, address, e-mail, text...)

friendly_id              Use slug instead of id in URI: /categories/foobar

haml-rails               HAML is much better than ERB as templating language

jquery-rails             Add your JS library through gems to update them easily
modernizr-rails

paperclip                Image upload and resizing through ImageMagick

paper_trail              Keep history of everything you want

                         PubSub is awesome and simple

redcarpet                Markdown and JS instant preview
pagedown-rails

rspec-rails              Behavior-driven development. Test your views and JavaScript!
capybara

simple_form              Awesome forms helpers for your views

thin                     Ruby Web server, just include it in Gemfile!

tire                     Client for the Elasticsearch search engine/database.


06/2013 





FreeBSD on Rails 





On the Web 


- http://guides.rubyonrails.org/ - Official Rails guides,
- http://railscasts.com/ - Rails screencasts by Ryan Bates, high quality inside,
- https://github.com/plataformatec/devise#getting-started - Devise gem for authentication, a good first gem to install.


Glossary 

- Apache: HTTP server, to replace http://localhost:3000/ by http://what.i.want/,
- Bundler: gems manager, like Maven (Java) or Composer (PHP),
- Gem: Ruby program, library or Rails “plugin”,
- MVC: Model, View, Controller pattern used in Rails,
- MySQL: relational database management system, to store data,
- Nginx: newer HTTP server,
- Rake: command-line software to execute named scripts,
- Rbenv: command-line software to install and switch between Ruby versions,
- Ruby: pure object-oriented programming language,
- Ruby on Rails: Ruby framework to build awesome websites,
- SQLite: another RDBMS, used in development mode (easier to configure),
- Zsh: shell, like Bash but with more autocomplete stuff.











JULIEN GRILLOT 

Formerly working for AF83 as a Ruby on Rails developer, Julien is a passionate Rails trainer in Paris. He contributes
to open-source projects with the conviction that qualitative projects can be realized with little resources.
http://www.rubybb.com/ - Rails forum software (BSD), 

http://event.chatchan.us/- “Who’s bringing what?” A Doodle-like tool. 

julien.grillot@gmail.com 










DEVELOPERS CORNER 


Creating PBI’s with 
EasyPBI 


The Push Button Installer (PBI) format is an easy-to-use package 
format for end-user applications that requires a specialized set 
of build instructions to create a PBI package. EasyPBI is designed 
to simplify the generation and use of these build instructions so 
that even non-technical users can quickly create and distribute 
applications as PBI packages. 




The PBI package system is designed so that a single *.pbi file
contains not only the desired application but also all of the
libraries and other dependencies required for the application to
run. This necessitates that the PBI package process have two modes
of operation: a “simple” mode that takes a local directory and
packages it into a *.pbi file without any modification and a “smart”
mode that actually builds the application and its dependencies in a
clean environment before packaging it all up. At the present time,
the FreeBSD ports system is the only build framework that the PBI
system can utilize to enable this “smart” build mode, but this could
be extended in the future to support other build frameworks as well
(such as the pkgsrc framework from NetBSD).

While the “simple” mode can be run with a one-line command, the
“smart” mode requires quite a bit of specialized information to
perform the build operations. This leads to the requirement of a
directory of files that contains specialized build instructions for
each individual PBI (hereafter referred to as a PBI “module”). This
module must contain a configuration file (pbi.conf), and can
optionally contain instructions for linking files from the PBI into
the locally installed system hierarchy (external-links), and set up
any XDG-compliant desktop/menu entries or mime types.
Module Generation with EasyPBI
Since the creation of these PBI modules can be both time- 
consuming as well as complicated for those unfamiliar with 
the PBI module format, EasyPBI was created by Jesse Smith 
and myself to provide a quick and easy way to generate PBI 
modules. Over time, additional features like running the PBI 
build process have been added to EasyPBI until now, with 
the 2.x series, EasyPBI has become a graphical front-end 
to the entire PBI build infrastructure, while still maintaining 
the simplicity and ease of use that defined the initial release. 
The modules that EasyPBI can generate correspond to 
the two types of PBI builds that can be performed: “FreeBSD 
Port” modules are used by EasyPBI to run the “smart” build 
processes and the “Local Sources” modules are created 
specifically for EasyPBI to allow the user to run the “simple” 
build processes as well as include some of the extra PBI fea- 
tures previously restricted to the “smart” process. These two 
types of modules are available in the dialog (Figure 1) that 
appears when you click on the “New” button at the top of the 
EasyPBI window, and you can then give either the FreeBSD 


Table 1. PBI Configuration Options and Descriptions

Option                      Description
                            Full Application Name
Website                     URL to the main application website
Icon                        Icon file for this application
Main FreeBSD Port           FreeBSD port to be packaged (FreeBSD Port Module Only)
Make Port Before            Additional port(s) to be built before the main application (FreeBSD Port Module Only)
Requires Root Permissions   Check whether this application requires superuser permissions for installation/removal







Figure 1. New EasyPBI Module Dialog 


www.bsdmag.org 


The BSD Certification Group Inc. 
(BSDCG) is a non-profit organization 
committed to creating and 
maintaining a global certification 
standard for system administration 
on BSD based operating systems. 





@ WHAT CERTIFICATIONS ARE AVAILABLE? 


BSDA: Entry-level certification suited for candidates 
with a general Unix background and at least six months of 
experience with BSD systems. 


BSDP: Advanced certification for senior system administrators 
with at least three years of experience on BSD systems. 
Successful BSDP candidates are able to demonstrate 

strong to expert skills in BSD Unix system administration. 


@ WHERE CAN I GET CERTIFIED?


We're pleased to announce that after 7 months of 
negotiations and the work required to make the exam 
available in a computer based format, that the BSDA 
exam is now available at several hundred testing centers 
around the world. Paper based BSDA exams cost $75 USD. 
Computer based BSDA exams cost $150 USD. The price of 
the BSDP exams are yet to be determined. 


Payments are made through our registration website: 
https://register.bsdcertification.org//register/payment


@ WHERE CAN I GET MORE INFORMATION? 


More information and links to our mailing lists, LinkedIn 
groups, and Facebook group are available at our website: 
http://www.bsdcertification.org 


Registration for upcoming exam events is available at our 
registration website: 
https://register.bsdcertification.org//register/get-a-bsdcg-id 
port (or local directory) that will be converted into a PBI. Also
on this dialog, you may give the PNG file that you wish to use 
for the application icon, otherwise EasyPBI will assign a de- 
fault icon that can be changed later as necessary (Figure 1). 

Once a module has been created (or loaded), EasyPBI 
will display all of the options that are available within the 
configuration file for that module. If this is a new module 
for a FreeBSD port, EasyPBI will automatically read the 
port and set initial values for any of the configuration op- 
tions possible. It is then possible to easily set or change 
the options. Just be sure to click the “save” button to keep 
your changes! While most of the configuration options are 
easily understandable, both they and their functions are 
listed here for reference (Table 1). 

Once the PBI configuration is finished, your PBI is ready 
to be created. However, if the application is graphical in na- 
ture, it is probably a good idea to click over to the XDG En- 
tries tab first (Figure 3). This tab allows you to create XDG 
compliant desktop/menu entries so that end-users can sim- 
ply click on either a desktop icon or a listing in the application 
menu in order to start the application rather than resorting 
to the command line. Just for good measure, if the applica- 
tion has particular file extensions that it helps to run/man- 
age, you can also associate a particular executable from the 
PBI with those file types. Whenever there is an arrow button 
next to a box that you can type into, EasyPBI will attempt to 
provide recommendations for that option. Simply click on 
the arrow button, and a menu list will appear that displays 
Figure 2. PBI Configuration Editor
on one of those solutions and it will either be added to or replace
the current option value. These solutions are all found
by reading through the FreeBSD port (if possible), so this is 
another situation where the information available in the build 
framework can simply be supplied through EasyPBI with a 
minimum of user effort at reading through or understanding 
the details of that build framework. 

If the application that is to be packaged as a PBI is a
command-line application (or if it is a local sources mod- 
ule), the external-links tab should also be checked before 
your PBI is completely ready (Figure 4). The external-links 
file provides a place to list all the files within the PBI that 
should be available to the end-user. For instance, any 
binaries that are listed here will have a special wrapper 
script created in the PBI and sym-linked onto the local 
system where the PBI is installed. This is also important 
for listing any man pages for the application or other files 
that are required in specific locations on the system. One 
thing to point out is that by default, if this is a module for a 
FreeBSD port, the main binaries listed in the port will auto- 
matically have external-links generated whether they are 
listed in this file or not. This ensures that at least the main 
application is available to be run on the user system after 
installation. If the current module is for packaging a local 
directory, you will need to take particular care to list all the 
application binaries here so that the user who installs this 
PBI will actually have the ability to run the application. 

The last two tabs in the module editor are not used very 
often but are quite powerful when they are used. The Re- 
sources tab allows you to add additional files to the PBI. This 
is mainly used for adding the application icons, but it is pos- 
sible to add other things such as default configuration files, 
binary wrapper scripts, and anything else that the application 
might be missing by default. The Scripts tab allows you to 
write your own custom scripts to be run during/after the PBI 
creation process (see Table 2 for a list of the possible scripts 
and when they are run). This allows you to perform custom 
build operations or modify the build process at any time. 

One thing that is important to reiterate is that PBI’s are 
built in a clean chroot environment without access to the 
host system. So if there are additional files that you need 
for a particular PBI build, you will need to fetch those files 
into the build environment by using one of these scripts. 
For advanced PBI scripting information, there is additional 
information as well as a list of predefined variables that 
can be found on the PC-BSD wiki page[1]. 


Building the PBI 

EasyPBI also acts as a front-end to the PBI build pro- 
cess. Before doing this however, it might be a good idea 
to check the build settings in the EasyPBI Preferences. 
The settings that are available are:


- set the directory where the completed PBI should be placed,
- digitally sign a PBI for tamper-evident distribution,
- use TMPFS to speed up builds (save temporary data to memory rather than hard disk),
- use package caching (re-use previously built packages for port dependencies).


By default the TMPFS and package caching options are 
turned off; however, I highly recommend enabling both
of them due to the significant decrease in time it will take 
to build PBI’s with EasyPBI. If you happen to see a build 
fail with Out of Memory errors though, you probably will 
need to turn off the TMPFS option because your system 
might not have enough memory to build that particular 
application (office suites are particularly large). 

Once you have the PBI build settings configured, the 
PBI Builder within EasyPBI will give you an interface to 
the PBI build process. Only a single build process can be 
running at any given time, but once a build is started you 
can create or edit other modules while the PBI build is run- 
ning. A PBI build requires root permissions (a prompt will 
appear before the build starts) as well as an active inter- 
net connection (to download files necessary to build ap- 
plications). Once a build is started all of the log messag- 
es will be displayed in the EasyPBI interface in real-time, 




Figure 3. XDG Menu Entry Editor 
so you can keep an eye on it to see how it is proceeding.
Should you need to cancel the build for some reason,
there is a button on the side that will allow you to safely 
terminate the build process. Once the build is stopped (ei- 
ther cancelled or finished), EasyPBI also gives you the 
option to save that build log to a file should the need arise. 
This is especially important if your build ran into some kind 
of error and you need to seek assistance in resolving the 
issue. By saving the build log, you can provide the exact 
errors (usually at the end of the log) when asked to pro- 
vide more details about the issue. 


Other Resources 

EasyPBI provides menu options for additional informa- 
tion about EasyPBI, FreeBSD ports, and the PBI mod- 
ule format. The EasyPBI option will open up a dialog that 
displays the EasyPBI licence (3-clause BSD) as well as 
the current version of EasyPBI and its development his- 
tory. The FreeBSD ports option will try to open up a link 
to www.freshports.org in the default web browser. If you 
have a module loaded that uses a FreeBSD port, it will 
actually open the page that corresponds to that particular 
port. This is extremely useful if you want to quickly check 
what options are available for the port, what dependen- 
cies are required for the application to run, or other infor- 
mation that might be contained in the FreeBSD port. The 
last menu option will open up a link to the PC-BSD mod- 
ule builder's guide. This is useful if you are unsure what 













Figure 4. External-Links Editor 
a particular option is used for or if you want to learn more
about the PBI module specifications for advanced con- 
figurations. 


Submission of a Module for addition to the 
PC-BSD repository 

Once you have a working PBI module, I would recommend submitting it
for inclusion into a PBI repository so that others can use the
resulting PBI as well. Generally, a PBI repository will run a PBI
building daemon that will automatically create and update any PBI’s
that it makes available. To do this, they only need the set of build
instructions (the PBI module) which can then be added to the module
tree that the daemon oversees. In order to assist in the submission
of PBI modules to a repo, EasyPBI provides a menu option to compress
a copy of the currently loaded module into a small *.tar.gz file for
transport via email or other methods.


Table 2. Available Scripts and Runtimes

Script              When it is run
post-portmake.sh    After building the listed ports
pre-install.sh      Before the PBI is installed on a system
pre-remove.sh       Before the PBI is removed from a system




Figure 5. PBI Builder Interface 
On the Web

[1] http://wiki.pcbsd.org/index.php/PBI_Module_Builder_Guide - PBI Module Builder’s Guide
[2] http://forums.pcbsd.org - PC-BSD forums (with PBI developers sub-forums)
[3] http://lists.pcbsd.org/mailman/listinfo - PC-BSD mailing lists
[4] https://github.com/pcbsd/pbi - PC-BSD PBI repository on GitHub











The PC-BSD project currently provides a repository with over eleven
hundred PBI’s available, and we are always looking for more! There
are two main methods by which modules may be submitted to the PC-BSD
repository. First, you can send the packaged module in an email to
the PC-BSD PBI developers mailing list [3]. One of the repo managers
will then check that module for accuracy and make any small
adjustments that might be needed (usually just fixing the icons or
desktop/menu entries) and then add it to the repository. The other
method is fairly new, but the PC-BSD repository is now available on
GitHub [4] and as such you can fork the repo, make your changes, and
then send us a pull request to have your changes checked and merged
back into the main branch.


Summary 

EasyPBI is a complete graphical front-end to the PBI 
creation process that makes the creation of PBI pack- 
ages simple for all users. By using EasyPBI, you not only 
get a streamlined process with automatic form genera- 
tion and simplifications, but you also retain the power of 
creating PBI modules by hand. In addition, EasyPBI pro- 
vides the ability to package local directories into the PBI 
format while retaining the ability to add XDG-compliant 
desktop/menu entries or mime types to the new PBI. All 
of this adds up to a program that is the recommended 
method for generating new PBI’s for individual or com- 
mercial use. 


KEN MOORE 

Ken Moore co-created EasyPBI with Jesse Smith in 2011 and took 
over full development of it for the PC-BSD project in 2012. He lives 
in Tennessee with his wife and two sons and is always looking for 
ways to make computers simpler, but no less powerful, for the av- 
erage user. He is currently employed by iXsystems to work on the 
PC-BSD Project as both a developer and as the manager for the 
PC-BSD PBI repository. He can be reached at: ken@pcbsd.org. 


Your donations have helped make FreeBSD 
the best OS available! By investing in 

the services provided by The FreeBSD 
Foundation you have helped us fund projects 
to keep FreeBSD a high-performance, 
secure, and stable OS. 


What will the Foundation accomplish with your 
donation in 2013? 


- Software development projects for FreeBSD: $600,000.
- Paid staff time supporting Release Engineering and Security teams.
- Grow staff: Five technical staff members by year-end.
- Provide support for BSD conferences around the globe, in Europe, Japan, Canada, and the USA.
- Hardware to maintain and improve FreeBSD project infrastructure: $130,000.
- FreeBSD community growth through marketing and outreach to users and businesses.
- Legal services and counsel protecting the FreeBSD trademarks.





ToT 


Wide, 
by donating 


FreeBSD is internationally recognized as an innovative 
leader in providing a high-performance, secure, and stable 
operating system. Our mission is to continue and increase 
our support and funding to keep FreeBSD at the forefront of 
operating system technology. But, we can’t do this without 
your help! 





Last year with your generosity, we raised over $770,000. This year we will invest $1,000,000 
to support and promote FreeBSD. 


We have kicked off the new year with three newly funded projects, and are actively 
soliciting additional project proposals. 


Please support the Foundation during our Spring Fundraising Drive, and help us raise 
$100,000 from 1000 donors between April 15th and May 30th. 


Weare aaa 
we can't do this without you...


Make your donation today. Go to: 
ACL CCL LR HTL es 





Then talk to your employer about matching your gift, or
making their own donation.


FOUNDATION 


Find out more, visit: 


www.freebsdfoundation.org





ADMIN 








Manage your Ruby 
Versions Under FreeBSD 


Ruby Version Manager is a great tool to manage several Ruby 
binaries without dependency breaks. The examples from this 
article have been tested under FreeBSD 9.1 with bash. 


What you will learn... 

- You'll learn to install and use this awesome project for your web projects,
  or other types of projects developed with the Ruby programming language, on FreeBSD


Developed by Wayne E. Seguin, RVM allows a system administrator or
Ruby developer to install several versions of their favorite
scripting language, Ruby. For each Ruby version, you will find the
rubygems utility to install, update, remove, or build your needed
gems.


RVM setup 
You can deploy RVM as root or as a simple user. For your 
introduction with RVM, test with a standard user (single 
user install). Root’s install is for multi-user usage. 

Here we go, we need some binaries to set up RVM:


tib@cendrillon$ for name in {bash,awk,sed,grep,ls,cp,tar,curl,gunzip,bunzip2,git,svn} ; do which $name ; done

After getting the requirements, install RVM:

tib@cendrillon$ \curl -L https://get.rvm.io | bash

Load RVM (you can open a new session too):


tib@cendrillon$ source ~/.rvm/scripts/rvm


To test your setup, type the following command; you must see “rvm is a
shell function”:
What you should know...

- Basic Shell skills.
- Very basic Ruby ecosystem understanding.
- Nginx virtualhost configuration.





Listing 1. rvm list known 


tib@cendrillon$ rvm list known


# MRI Rubies 








Palle Slee ol e4 40) 
(ese = iS.) (57 
senile =| lee Oral e4s 1G) 
[ction oe | 520) 
neo lo OS 
[eto elo S14 
ato epee 6 6 
et io ao ou, 
[nebo le Scio sie! 
etiloy lo e 3 1 4 
ealion =| es Oa oo 
PenioV MeO =O oc! 
Petiloy = oe S429) 
nei =| Os hea 
Ub y= | 200 eek 
aa SO Ol ae7 
Paty ai on 
eto = 1/270 10) | 19S) 
ruby-head 
tib@cendrillon$ type rvm | head -n 1
rvm is a shell function

That’s it. RVM is set up.

Note: If you get “rvm is not a function”, you need to configure
your shell as login shell.
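
The install step above pipes the downloaded script straight into bash, so whatever the server returns runs unreviewed. The following is an added example, not code from the article or from the RVM project: a prerequisite check plus a digest-pinned run of a saved installer. The function names are hypothetical, and the expected SHA-256 is one you record yourself after reading the saved copy.

```shell
#!/bin/sh
# Added example (not from the article). All function names are hypothetical.

# Print the names of required tools that are not on PATH, one per line.
# Returns 0 when nothing is missing, 1 otherwise.
missing_tools() {
    missing=""
    for name in "$@"; do
        command -v "$name" >/dev/null 2>&1 || missing="$missing $name"
    done
    [ -z "$missing" ] && return 0
    # Unquoted on purpose: split the collected names into one per line.
    printf '%s\n' $missing
    return 1
}

# Portable SHA-256 of a file: FreeBSD ships sha256(1), GNU systems sha256sum(1).
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Run a previously saved installer only if its digest matches the pinned one.
# $1 = path to the saved script, $2 = expected SHA-256 (hex), rest = installer args.
# Returns 1 on digest mismatch, 2 when the file is missing or cannot be hashed.
run_if_pinned() {
    script=$1; expected=$2; shift 2
    [ -f "$script" ] || { echo "no such file: $script" >&2; return 2; }
    actual=$(sha256_of "$script") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $script: got $actual" >&2
        return 1
    fi
    bash "$script" "$@"
}

# Typical use (the network step is commented out so the block runs offline):
#   missing_tools bash awk sed grep ls cp tar curl gunzip bunzip2 git svn || exit 1
#   curl -fsSL -o rvm-installer.sh https://get.rvm.io
#   less rvm-installer.sh          # read the script before running it
#   run_if_pinned rvm-installer.sh "<SHA-256 of the copy you reviewed>"
```

Pinning the digest of the copy you reviewed means a later download that differs, for any reason, is refused instead of executed.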





Listing 2. rvm install 


tib@cendrillon$ rvm install 1.8.7
Searching for binary rubies, this might take some time.
No binary rubies available for: freebsd/9.1-RELEASE-p3/x86_64/ruby-1.8.7-p371.
Continuing with compilation. Please read 'rvm mount' to get more information on binary rubies.
Installing Ruby from source to: /home/tib/.rvm/rubies/ruby-1.8.7-p371, this may take a while depending on your cpu(s)...
ruby-1.8.7-p371 - #downloading ruby-1.8.7-p371, this may take a while depending on your connection...
ruby-1.8.7-p371 - #extracted to /home/tib/.rvm/src/ruby-1.8.7-p371 (already extracted)
Patch stdout-rouge-fix was already applied. 
Fave enous ly awes welliscadyeepp ted. 
#configuring 
#compiling 
#installing 
Retrieving rubygems-1.8.25 
colored %6 Received % Xferd Average Speed Time Time Time Current 
Dilkoacy Upload ANeneal ll Spent Left Speed 
OOS ke OOS dalek 0 Qs 42k Oe eae a = ee ee ee Le 
BXEraGuenicGn eulbygems— ion 2. 
Removing old Rubygems files... 
iS ieal Mien er MO Vy Gems =o) fOm roy =o) oo) 
Installation of rubygems completed successfully. 


Saving Wwrapperer ro “hone, ELby, sreumy wrappers, GUby—-lee ./-O5 di w.) 


ruby-1.8.7-p371 - #adjusting #shebangs for (gem irb erb ri rdoc testrb rake). 

Gp yale (Oo bas IMporinG dete lunGemceno, rE tomMayatt alder LmMmen nn yam gi dace seein os 

Installer cuby-l.8./-p3/1 — +complete 

Please be aware that you just installed a ruby that requires 2 patches just to be compiled on up to date linux system

This may have known and unaccounted for security vulnerabilities. 


Please consider upgrading to ruby-2.0.0-p195 which will have all of the latest security patches. 


Listing 3. rvm list 


tib@cendrillon$ rvm list

rvm rubies

   ruby-1.8.7-p371 [ x86_64 ]
   ruby-1.9.3-p392 [ x86_64 ]

# Default ruby not set. Try 'rvm alias create default <ruby>'.

# => - current
# =* - current && default
#  * - default
Listing 4. Rakefile


require 'rake/testtask'


Rake::TestTask.new do |t|
  t.libs << "test"
Pace see le se ee Phe bs ele Ge. lea) 4 
t.verbose = true 


end 


Listing 5. example.rb 


WE 


require “test/unit” 


class TestBsdMag < Test::Unit::TestCase 


det @ece mac 
he= “(abies bol | 
chaser creel etlinee => “oreio J 1) 


end 


end 


Listing 6. rake test 


tib@cendrillon$ rvm use 1.8.7 && rake test
Loaded suite /home/tib/.rvm/gems/ruby-1.8.7-p371@global/gems/rake-10.0.4/lib/rake/rake_test_loader
Started

Finished in 0.000923 seconds.

1 tests, 1 assertions, 0 failures, 0 errors


Listing 7. rake test 


tib@cendrillon$ rvm use 1.9.3-392 && rake test
Using /home/tib/.rvm/gems/ruby-1.9.3-p392
/home/tib/.rvm/rubies/ruby-1.9.3-p392/bin/ruby -I"lib:test" -I"/home/tib/.rvm/gems/ruby-1.9.3-p392@global/gems/rake-10.0.4/lib" "/home/tib/.rvm/gems/ruby-1.9.3-p392@global/gems/rake-10.0.4/lib/rake/rake_test_loader.rb" "test.rb"
/home/tib/.rvm/rubies/ruby-1.9.3-p392/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require': /home/tib/test.rb:6: syntax error, unexpected ',', expecting tASSOC (SyntaxError)
    h = {"alice", "bob"}
                ^
/home/tib/test.rb:6: syntax error, unexpected '}', expecting keyword_end


Listing 8. test.rb 


require “test/unit” 


class TestBsdMag < Test::Unit::TestCase 


det Geese ach 
Ie ieieetN a8 elon | 
ceconrmeqUceu@|) abi Ceus=-— OObr aa) 


end 


end 


Listing 9. rake test 


tib@cendrillon$ rvm use 1.8.7 && rake test
Loaded suite /home/tib/.rvm/gems/ruby-1.8.7-p371@global/gems/rake-10.0.4/lib/rake/rake_test_loader
Started

Finished in 0.000923 seconds.

1 tests, 1 assertions, 0 failures, 0 errors
Ruby switching, install gems

Before using this new tool, ensure that you have all the needed
dependencies and build the port of Ruby to have all the stuff needed
in the future (faster method):

root@cendrillon# cd /usr/ports/lang/ruby19 && make install clean && cd -





Listing 10. rake test 


tib@cendrillon$ rvm use 1.9.3-p392 && rake test
/home/tib/.rvm/rubies/ruby-1.9.3-p392/bin/ruby -I"lib:test" -I"/home/tib/.rvm/gems/ruby-1.9.3-p392@global/gems/rake-10.0.4/lib" "/home/tib/.rvm/gems/ruby-1.9.3-p392@global/gems/rake-10.0.4/lib/rake/rake_test_loader.rb" "test.rb"
Run options:

# Running tests:

Finished tests in 0.001735s, 576.4760 tests/s, 576.4267 assertions/s.

1 tests, 1 assertions, 0 failures, 0 errors, 0 skips


Listing 11. adduser 


root@cendrillon# adduser
Username: test_unicorn
Full name: Test Unicorn
Uid (Leave empty for default):
Login group [test_unicorn]:
Login group is test_unicorn. Invite test_unicorn into other groups? []:
Login class [default]:
Shell (sh csh tcsh zsh rzsh git-shell bash rbash nologin) [sh]: bash
Home directory [/home/test_unicorn]: /usr/local/www/test_unicorn
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]: yes
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username   : test_unicorn
Password   : *****
Full Name  : Test Unicorn
Uid        : 2008
Class      :
Groups     : test_unicorn
Home       : /usr/local/www/test_unicorn
Home Mode  :
Shell      : /usr/local/bin/bash
Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (test_unicorn) to the user database.
Add another user? (yes/no): no
Goodbye!
You have RVM on your system now and you are going to install Rubies. But which Rubies? We need to list what Rubies are available (Listing 1).

I didn't display the full result here, but this command shows the available Ruby versions for the different interpreters (MRI here). Before installing rubies with RVM, to avoid problems with RVM's autolibs feature, disable it:

tib@cendrillon$ rvm autolibs 0

If you don't disable it, the following command won't work. It will keep looking for compile dependencies (optimized for GNU/Linux and Mac OS X systems) for a very long time. We chose Ruby 1.8.7 (deprecated now) and Ruby 1.9.3-p392 for our future tests (Listing 2) and:

tib@cendrillon$ rvm install 1.9.3-p392

[... same things like above ...]

So we have two rubies (Listing 3). We want to use Ruby 1.9 as default:

tib@cendrillon$ rvm use 1.9.3 --default
Using /home/tib/.rvm/gems/ruby-1.9.3-p392

Listing 12. /usr/local/www/test_unicorn/bob/config/unicorn.rb

worker_processes 4
working_directory "/usr/local/www/test_unicorn/bob"
preload_app true
timeout 30

# Nginx talks to unicorn through this UNIX socket (see Listing 13)
listen "/usr/local/www/test_unicorn/bob/tmp/sockets/unicorn.sock", :backlog => 64
pid "/usr/local/www/test_unicorn/bob/tmp/pids/unicorn.pid"

stderr_path "/usr/local/www/test_unicorn/bob/unicorn.stderr.log"
stdout_path "/usr/local/www/test_unicorn/bob/unicorn.stdout.log"

# The master drops its database connection before forking workers
before_fork do |server, worker|
  defined?(ActiveRecord::Base) and
    ActiveRecord::Base.connection.disconnect!
end

# Each worker opens its own connection
after_fork do |server, worker|
  defined?(ActiveRecord::Base) and
    ActiveRecord::Base.establish_connection
end

Where is my current Ruby binary?

tib@cendrillon$ which ruby
/home/tib/.rvm/rubies/ruby-1.9.3-p392/bin/ruby

You want to switch to your system Ruby, installed via the ports tree:

tib@cendrillon$ rvm use system
Now using system ruby.

Ensure that's OK:

tib@cendrillon$ which ruby
/usr/local/bin/ruby

You have two rubies and RVM installed. It's time to learn some use case examples.

Testing use case

You are an awesome developer who has been hired to develop cross compatibility between Ruby 1.8.7 and Ruby 1.9.3 of an existing Ruby program currently running in Ruby 1.8.7. Your application has some unit tests. For this quick and dirty example, my tests are represented by two assertions with the test unit.

You will need two files with related Ruby code (Listing 4 and 5). Test our mini test suite (Listing 6). And now, with 1.9.3 (Listing 7). This code doesn't work with Ruby 1.9.3 because simple hash allocation has been removed. We need to patch test.rb following Listing 8. Relaunch tests (Listing 9). That's still OK with 1.8.7 (Listing 10). And it works with 1.9.3! Regression tests, OK.

Imagine if you used the old way to construct your hashes in your current app. Without tests, you would be screwed. Unit tests and RVM allow you to test your app faster.

When you develop an application, it can be useful to make tests (unit, functional, etc.) to avoid bugs and save time. Test your app with different versions of Ruby very easily with RVM.


Further application 
Now, a web deployment example for sysadmins. We are going to set up a Rails application example with unicorn (used by GitHub), Nginx, and RVM.

You need to install Nginx (passenger isn't needed):

root@cendrillon# cd /usr/ports/www/nginx && make install clean && cd -

Create a user for our test (Listing 11). Become test_unicorn:

root@cendrillon# su - test_unicorn

Now to train yourself, install RVM and rubies for test_unicorn. =]





Listing 13. config

upstream unicorn_test_server {
    server unix:/usr/local/www/test_unicorn/bob/tmp/sockets/unicorn.sock
        fail_timeout=0;
}

server {
    listen 80;
    server_name www.example.tld;    # placeholder host name

    root /usr/local/www/test_unicorn/bob/public;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;

        # If you don't find the filename in the static files
        # Then request it from the unicorn server
        if (!-f $request_filename) {
            proxy_pass http://unicorn_test_server;
            break;
        }
    }

    error_page 500 502 503 504 /500.html;
    location = /500.html {
        root /usr/local/www/test_unicorn/bob/public;
    }
}
After these steps are completed (I set up 1.9.3-p392), install the Rails gem:

test_unicorn@cendrillon$ gem install rails

You will need sqlite3:

root@cendrillon# cd /usr/ports/databases/sqlite3 && make install clean && cd -

Create a new application called bob (wait during bundle install, don't ^C):

test_unicorn@cendrillon$ rails new bob

Install unicorn:

test_unicorn@cendrillon$ gem install unicorn

Fill the unicorn configuration file (Listing 12). Create a new vhost with this config (Listing 13). Run unicorn:

test_unicorn@cendrillon$ cd /usr/local/www/test_unicorn/bob
test_unicorn@cendrillon$ mkdir -p tmp/pids
test_unicorn@cendrillon$ mkdir -p tmp/sockets
test_unicorn@cendrillon$ unicorn -c /usr/local/www/test_unicorn/bob/config/unicorn.rb -E production -D

Restart Nginx on your new virtual host:

root@cendrillon# service nginx restart

Connect to your virtual host configured URL. You should see that page:

"The page you were looking for doesn't exist."

That's the Rails framework 404 error. Check log/production.log! You need to configure the app, set the database, add a new controller, add a base route, well, code a web app! Unicorn works!

Yeah, it works. Stop unicorn and observe the difference.

Yeah, that's it. It's not a review of Rails development (Rails can need some big dependencies, like mysql, etc.), nor a full review of Nginx configuration. But, if you're running applications in production with Rails (or other rack based applications), you can think about useful tricks to customize your actual configuration with, for example, "per user virtual host configurations" or "per rails applications" configurations, adding gemsets for each app, try thin, try passenger, try Mongrel, etc. This example isn't production ready; its purpose is to give you a basic understanding to continue the adventure.

On the web

- https://rvm.io/ - RVM website
- https://github.com/wayneeseguin/rvm - RVM Github
- http://rbenv.org/ - rbenv website
- https://github.com/sstephenson/rbenv - rbenv Github
- http://www.ruby-lang.org/en/ - Ruby language website
- http://guides.rubyonrails.org/getting_started.html - RoR Getting started tutorial
- https://github.com/blog/517-unicorn - Unicorn description

Normally, I don't use FreeBSD (except for this article). Can RVM work with all *BSD systems?

In theory, yes. But I haven't tested it. So, I would recommend testing RVM for another BSD system before thinking about production environment deployment.

If you want an RVM alternative, you can test rbenv (see link section). At work, I use OpenBSD every day as my desktop station and I work with rbenv (just out of curiosity). I didn't try to use RVM or rbenv under NetBSD or DragonflyBSD; it's still on my todo list.

Summary

As you saw during this quick introduction, RVM can be an amazing tool both for developers and for sysadmins. I hope this article gives you some great ideas to run more awesome Ruby applications in production!

THIBAUT DELOFFRE

Thibaut Deloffre discovered BSD systems during his studies and continues to use them every day as a sysadmin and developer (Ruby ;)). He worked for LINAGORA, a French company advocating open source software in France, as a LAN administrator. Thibaut now works as a system and network integrator for a telecom operator in France.
Keep OpenBSD Customers Satisfied

For a long time there was nothing like security updates for OpenBSD packages. Now the company M:Tier has introduced a new long-term support and update service for OpenBSD.

What you will learn...

- What are binpatches
- What are -stable package updates
- How to start using update service on OpenBSD

OpenBSD and -stable source patches. M:Tier's binpatches provide security updates for OpenBSD in the form of binary patches which can be installed as regular packages.

For a long time, OpenBSD has been doing two releases per year. Security updates are being committed to the source tree, but no new installation sets are built with these updates. Up until now, OpenBSD could not measure up to many popular Linux distributions when it came to security updates for previous releases.

The M:Tier team is working to provide all OpenBSD users free support with the introduction of binpatches and updated packages (from ports) with security fixes. This started in the form of binpatches for the base system with OpenBSD 5.2 and it has now been extended to include updated packages for OpenBSD 5.3.


What you should know...

- OpenBSD is issued every 6 months and does not offer any package updates. Core system updates are in the form of source patches, and every release is supported only for 6 months, then users are advised to upgrade to the next release.
- During the development of a new release, the unfinished source called -current can be tested together with alpha packages from the snapshots directory. A user can download the -current system, install packages and upgrade both the system and packages every time a binary upgrade is available. The upgrade requires in fact a reinstallation of the whole core system every time.

Binpatches and what's the advantage?

Normally only the source gets updated, and each person can build the binaries on their own on each machine and install the updated system parts. This is where M:Tier stood up and provided binary patches that offer an easy way for users to apply the security fixes to their -stable installation.

This is how it works. Imagine you take care of three servers and run one instance of OpenBSD on your laptop for testing reasons. Now you learn that a new security hole or memory leak was found in this or that part of the system. At this moment, if you want to apply the fixing patch you have to:

- download system sources
- apply the patch
- compile the whole core system
- apply the update
- and you have to do that on every single machine you maintain.

In case you use binpatchNG (a framework for creating binary patches for OpenBSD on all platforms in a semi-automatic way, developed by M:Tier), you can generate a binary patch on one machine and then apply it on the other machines.
And if you decide to use M:Tier's binpatch repository, you really only need to download and apply the patch on each of your machines. You don't have to download sources or compile anything. You in fact just install a binpatch in the form of a package. The saved time and work is multiplied by the number of machines you have to maintain, of course.

What are -stable package updates?

OpenBSD continuously builds packages from the ports tree for -current, but it only builds the packages for a release once and does not provide any upgrades or security updates. This is where the stable package updates come in; they are built and released whenever a security update or fix has been committed to the ports tree. M:Tier developers apply the security and stability fixes to the tree and provide freshly-updated packages in their repository. The repository does not contain any additional packages or newer versions of packages, just security and stability fixes.
How to use M:Tier's stable updates?

Using M:Tier's -stable repository is quite easy. It requires adding the M:Tier repository to your PKG_PATH so the pkg_* tools know where to look for updates. Secondly, it requires importing the SSL certificate with which the packages have been signed. This latter feature has been added so that users can always validate that the packages they install are really built by M:Tier.

1) Install the M:Tier certificate
Retrieve the certificate from https://stable.mtier.org and install it into:

/etc/ssl/pkgca.pem

2) Update your PKG_PATH
Please update your PKG_PATH environment variable to:

PKG_PATH=https://stable.mtier.org/updates/$(uname -r)/$(arch -s):${PKG_PATH}

For example:

PKG_PATH=http://ftp.fr.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(arch -s)
PKG_PATH=https://stable.mtier.org/updates/$(uname -r)/$(arch -s):${PKG_PATH}
export PKG_PATH

Finally you can check the variable, and you should get something similar to this:

$ env | grep PKG_PATH
PKG_PATH=https://stable.mtier.org/updates/5.3/i386:http://ftp.fr.openbsd.cs.fau.de/pub/OpenBSD/5.3/packages/i386

When you adjust your system accordingly, you are ready to use the binpatches and packages update directory.
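
An added example (not M:Tier's or OpenBSD's code) that audits a PKG_PATH laid out as in steps 1 and 2 above: it splits the value into repositories, checks that the M:Tier entry for the given release and architecture is present over https, lists entries fetched without TLS, and confirms that a PEM certificate sits at /etc/ssl/pkgca.pem. The function names and finding labels are assumptions of this example, and it assumes repository URLs without port numbers.

```shell
#!/bin/sh
# Added example, not M:Tier's or OpenBSD's code. Assumption: repository
# URLs carry no explicit port number (true for the entries in the article).

# split_pkg_path VALUE: print one repository per line. PKG_PATH is
# colon-separated, yet every URL has a colon of its own ("https://"), so a
# bare scheme field is glued back onto the "//host/path" field after it.
split_pkg_path() {
    _scheme=
    _oldifs=$IFS
    IFS=:
    set -f                              # word-split only, no globbing
    for _part in $1; do
        case $_part in
            http|https|ftp|scp) _scheme=$_part ;;
            //*) printf '%s\n' "${_scheme:+$_scheme:}$_part"; _scheme= ;;
            '')  ;;                     # "::" or a trailing colon
            *)   printf '%s\n' "$_part" ;;   # local directory
        esac
    done
    set +f
    IFS=$_oldifs
}

# audit_pkg_path VALUE RELEASE ARCH [CAFILE]: print one finding per line;
# return 1 if there is any finding, 0 if the setup matches the article.
audit_pkg_path() {
    _want="https://stable.mtier.org/updates/$2/$3"
    _ca=${4:-/etc/ssl/pkgca.pem}
    _found=no
    _bad=0
    _entries=$(split_pkg_path "$1")
    _oldifs=$IFS
    IFS='
'
    set -f
    for _e in $_entries; do
        case ${_e%/} in
            "$_want")
                _found=yes ;;
            https://stable.mtier.org/*)   # other release or architecture
                echo "MISMATCH $_e"; _bad=1 ;;
            http://*|ftp://*)             # fetched without TLS
                echo "PLAINTEXT $_e"; _bad=1 ;;
        esac
    done
    set +f
    IFS=$_oldifs
    [ "$_found" = yes ] || { echo "MISSING $_want"; _bad=1; }
    # The certificate the article installs must exist and be PEM-encoded.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$_ca" 2>/dev/null ||
        { echo "NOCERT $_ca"; _bad=1; }
    return "$_bad"
}

# Constructed sample: the article's layout for release 5.3 on i386.
SAMPLE='https://stable.mtier.org/updates/5.3/i386:http://ftp.fr.openbsd.org/pub/OpenBSD/5.3/packages/i386'
audit_pkg_path "$SAMPLE" 5.3 i386 || echo "review the findings above"
```

On a live system, call it as audit_pkg_path "$PKG_PATH" "$(uname -r)" "$(arch -s)".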


Installing them, there is a difference

With packages, which are ready for 5.3 and later, it works the same way as it works with packages in the current OpenBSD snapshots. So the only thing you have to do is to run this as root, as shown in Figure 1.

Then you can go and have your coffee. pkg_add will check your currently installed packages for any available updates, and install them if they are found.

If for some reason you only want to update a single package, say your PostgreSQL database server, you can run:

pkg_add -u postgresql-server

Binpatches, which have been working since 5.2 already, have to be installed manually, as they update the basic part of the system and pkg_add does not recognize them as updates for now. However, binpatches come in the form of packages too, so you just use the name of the binpatch, for example a kernel:

pkg_add binpatch53-amd64-kernel-1.0.tgz

and the package is downloaded and applied to the system. For ease of use, the developers have added rsync access, which makes finding out names and applying patches easier. Use the following command, and you can inspect and install all the latest locally:

rsync -av --progress rsync://stable.mtier.org/OpenBSD-Stable/ \
    /my/favourite/folder/

$ su
Password:
# pkg_add -vu
Update candidates: quirks-1.86 -> quirks-1.86 (ok)
Update candidates: ORBit2-2.14.19p3 -> ORBit2-2.14.19p3 (ok)
Update candidates: a2ps-4.14p6 -> a2ps-4.14p6 (ok)
Update candidates: aalib-1.4p4 -> aalib-1.4p4 (ok)
Update candidates: accountsservice-0.6.30 -> accountsservice-0.6.30 (ok)
Update candidates: argyll-1.1.0.20100201p1 -> argyll-1.1.0.20100201p1 (ok)
Update candidates: aspell-0.60.6.1p1 -> aspell-0.60.6.1p1 (ok)
Update candidates: at-spi2-atk-2.6.2 -> at-spi2-atk-2.6.2 (ok)
Update candidates: at-spi2-core-2.6.3 -> at-spi2-core-2.6.3 (ok)
Update candidates: atk-2.6.0 -> atk-2.6.0 (ok)
Update candidates: atk2mm-2.22.6p2 -> atk2mm-2.22.6p2 (ok)
Update candidates: avahi-0.6.31p6 -> avahi-0.6.31p6 (ok)
Update candidates: avahi-gtk3-0.6.31p3 -> avahi-gtk3-0.6.31p3 (ok)
Checking packages|No change in avahi-gtk3-0.6.31p3

Figure 1. pkg_add -vu

On the Web

- https://stable.mtier.org/
- http://www.undeadly.org/cgi?action=article&sid=20130509120042
- http://www.undeadly.org/cgi?action=article&sid=20110420080633
- http://www.openports.se/
- http://www.openbsd.org/
- http://www.openunix.eu/


Conclusion 

M:Tier binpatches and -stable package updates really change the world of OpenBSD. The good thing is not only that you can keep your system updated just as many Linux users do, but the support is longer than it used to be. Now you do not have to upgrade or reinstall your OpenBSD every half a year, but you can stay on stable and keep your system updated for one whole year. Also the fact that some core OpenBSD developers are part of M:Tier ensures the development of updates is in line with the development of the OpenBSD system.


Final word

Finally I would very much like to thank M:Tier developers for their job and for being helpful and friendly even in moments when the writer of this article did not keep his wits about him.


PETR TOPIARZ 

The author has been administering BSD web/mail/file servers 
and Linux desktops in three small Prague-based companies for 
the last eight years, and has contributed to BSDMag since its first 
issues. 
FreeBSD in Xen Cloud Platform (XCP)

The Xen Cloud Platform (XCP) is an open source hypervisor for creating and managing Virtual Machines (VMs). While FreeBSD is a Xen-aware operating system, there currently is no native XCP support for FreeBSD. I asked for this feature on the Citrix mailing lists and Dave Scott told me it could be possible to run FreeBSD in XCP if it met some requirements.

What you will learn...

- XCP's advantages and how to take them with FreeBSD
- How to run FreeBSD in XCP

First, I started investigating what FreeBSD was able to do with XCP, which is a Linux Xen distribution with the XAPI included and some proprietary software. I discovered that FreeBSD is able to be suspended, for example, which is key to moving a VM between hosts. So, I started thinking that FreeBSD VMs in Hardware Assisted Virtualization (HVM) mode should be able to take advantage of suspending and moving the same way as supported Linux distributions in XCP or Windows in HVM mode using the Windows Citrix XenServer tools.


What you should know...

- How to build the FreeBSD kernel with XENHVM stock config
- Medium notions of virtualization, Xen
- Some knowledge of debugging production environments

Some Concepts

For officially supported operating systems, Citrix provides "XenServer Tools" packages which differ depending on the guest OS and the expected mode to run in XCP. Generally, they provide programs which allow an OS to take advantage of XCP's virtualization. They could include a Xen-aware kernel in ParaVirtualization (PV) or HVM mode, XenStore management utilities, scripts for maintaining unprivileged entries in the XenStore database, or scripts which generate what is written to XenStore.

As of FreeBSD 8.0, the GENERIC kernel on the i386 and amd64 architectures supports HVM. However, installing a custom kernel which adds the XENHVM option adds PV drivers and improves performance. This article was tested using a custom kernel running on a FreeBSD 9.0 amd64 system.

Additionally, the FreeBSD ports collection contains sysutils/xen-tools, which installs several small programs for manipulating and updating the XenStore entries and for debugging Xen related problems. These tools are needed in order to enable the XenCenter, the XCP management client, to pass the XenAPI commands to the hypervisor in order to take advantage of XCP's features.


The Configuration 


1. Install the amd64 version of FreeBSD into a domU. During installation, in the Distribution Select menu, use the arrow and spacebar to select src. This is needed to install the XENHVM kernel.

2. After booting into the FreeBSD installation, install the XENHVM kernel by typing the following commands as the superuser:

cd /usr/src
make buildkernel KERNCONF=XENHVM
make installkernel KERNCONF=XENHVM

3. Before rebooting into the custom kernel, edit /etc/fstab and change ada0 to ad0. Next, edit /etc/rc.conf and change the name of the network interface from its current value to ifconfig_xn0.
Once you have installed FreeBSD in HVM mode, when you right-click its entry in XenCenter, you will notice that its XCP feature set is limited. An example is seen in Figure 1.

The menu entry to "Install XenServer Tools" will not work as FreeBSD is considered as unsupported at this time. Instead, install the tools using the instructions at http://wiki.xen.org/wiki/FreeBSD_64-bit_HVM_on_XCP.

Once the tools are installed, you will now be able to use XenCenter to perform actions such as suspend, move, and adjust memory quantity through the balloon driver on your FreeBSD HVM machines. An example is seen in Figure 2.

Figure 1. FreeBSD HVM Before Installing xen-tools

Figure 2. FreeBSD HVM After Installing xen-tools

Main advantages of using this virtualization environment

- The core virtualization engine is open and well-tested.
- Resize your VM on demand (in terms of memory).
- Move the machines between hosts (if you use shared storage).
- Cloning VMs.
- Gradual disk usage (the amount of space configured is not reserved in full in advance).
- Optimized usage of CPU.

Special thanks to

- Dave Scott, who initially encouraged me to work on this adaptation.
- Mark Felder because of his assiduity and effort when he talks to FreeBSD and Citrix people and for maintaining the Xen-tools port.
- All of Sarenet's people, because working with them is a really nice experience.
- My family, for their unwavering support.

EGOITZ AURREKOETXEA AURRE

Egoitz Aurrekoetxea Aurre is a sysadmin and systems programmer at Sarenet, who believes that Open Source community, documentation, and software are basically the most powerful strengths in the computing world. You can reach him at: egoitz@sarenet.es, http://www.sarenet.es.

Don't hesitate to send him your comments or questions regarding his article.
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